AUTOSAR SWS DiagnosticCommunicationManager 45-216

Specification of Diagnostic Communication
Manager
AUTOSAR CP Release 4.4.0
7 Functional specification
7.1 Error Classification

This section describes how the Dcm module has to treat the several error classes that
may happen during the life cycle of the Dcm module.
Diagnostic-Communication-Errors are handled directly in the ISO-Protocols by NRCs.
[SWS_Dcm_00044] d The error values shall be the unique for all error types. The Dcm
shall use only the values given in this chapter. c(SRS_BSW_00369)
7.1.1 Development Errors
[SWS_Dcm_00040] Development Error Types d The errors and exceptions de-

scribed in Table 7.1 shall be detectable by the Dcm module depending on its build
version (development/production mode) c(SRS_BSW_00337)
Type of error Related error code Value [hex]
Interface return-value is out of DCM_E_INTERFACE_RETURN_VALUE 0x02
range
Interface: Boundary check of DCM_E_INTERFACE_BUFFER_OVERFLOW 0x03
buffers provided by the Dcm
failed during interaction with an-
other module (application, Dem,
PduR, etc.)
Internal:Dcm not initialized DCM_E_UNINIT 0x05
Dcm API function with invalid in- DCM_E_PARAM 0x06
put parameter
Dcm API service invoked with DCM_E_PARAM_POINTER 0x07
NULL POINTER as parameter
Dcm initialisation failed DCM_E_INIT_FAILED 0x08
Storing the ProgConditions DCM_E_SET_PROG_CONDITIONS_FAIL 0x09
failed
Table 7.1: Dcm development errors
7.1.2 Runtime Errors
[SWS_Dcm_01416] Runtime Error Types d The errors and exceptions described in

Table 7.2 shall be detectable by the Dcm module depending on its build version (devel-
opment/production mode). c(SRS_BSW_00452)
45 of 639 Document ID 18: AUTOSAR_SWS_DiagnosticCommunicationManager

— AUTOSAR CONFIDENTIAL —
Manager
Type of error Related error code Value [hex]

The Dcm is getting called with DCM_E_INVALID_VALUE 0x01
an invalid input parameter value
or the Dcm has called an func-
tion and this function returns an
invalid out parameter or return
value.
Interface: Timeout occurred DCM_E_INTERFACE_TIMEOUT 0x01
during interaction with another
module (e.g. maximum number
of response pending is reached,
refer to [SWS_Dcm_00120])
Table 7.2: Dcm Runtime errors
7.1.3 Transient Faults
There are no transient faults.
7.1.4 Production Errors
There are no production errors.
7.1.5 Extended Production Errors
There are no extended production errors.
7.2 General design elements
7.2.1 Submodules within the Dcm module
To define the functionality of the Dcm module, The Dcm SWS models the Dcm module
as consisting of the following submodules:
• Diagnostic Session Layer (DSL) submodule: The DSL submodule ensures data
flow concerning diagnostic requests and responses, supervises and guarantees
diagnostic protocol timing and manages diagnostic states (especially diagnostic
session and security).
• Diagnostic Service Dispatcher (DSD) submodule: The DSD submodule pro-
cesses a stream of diagnostic data. The submodule:
– Receives a new diagnostic request over a network and forwards it to a data
processor.

Manager
– Transmits a diagnostic response over a network when triggered by the data

processor (e.g. by the DSP submodule).
• Diagnostic Service Processing (DSP) submodule: The DSP submodule handles
the actual diagnostic service (respectively subservice) requests.
The next graphic gives an overview of the interfaces between the submodules DSP,
DSD, and DSL within the Dcm module.
DspInternal_CancelPagedBufferProcessing()
DEM Interface DEM
Xxx_ReadData() DsdInternal_ProcessPage()
Xxx_WriteData()
Xxx_ReadDataLength() DspInternal_DcmUpdatePage()
DsdInternal_StartPagedProcessing()
Xxx_ConditionCheckRead()
Xxx_GetScalingInformation()
DSD
Service Interpreter calls
Xxx_ReturnControlToECU()
Xxx_ResetToDefault() DspInternal_DcmConfirmation()
Xxx_FreezeCurrentState() DSP
Xxx_ShortTermAdjustment() <Module>_<DiagnosticService>_<SubService>
RTE (Application)
()
Xxx_GetInfoTypeValue() <Module>_<DiagnosticService>()
Xxx_IsDidAvailable()
Xxx_WriteDidData()
Data Confirmation functionality

Data Indication functionality
Xxx_ReadDidData()
Xxx_Start()
Transmit functionality
Xxx_Stop()
Xxx_RequestResults()
Xxx_RequestControl()
External
Xxx_GetSeed()
Xxx_CompareKey() module
Xxx_Indication()
Xxx_Confirmation() PDU Router
Dcm_StartOfReception()
Dcm_CopyRxData()
DslInternal_SetSesCtrlType() Dcm_CopyTxData()
Dcm_TpRxIndication()
DslInternal_SetSecurityLevel()
Dcm_TpTxConfirmation()
PduR_DcmTransmit()
PduR_DcmCancelTransmit()
DSL PduR_DcmCancelReceive()
Dcm_ResetToDefaultSession()
Dcm_GetSecurityLevel( COM Manager
Dcm_GetSesCtrlTypel( *1 | see page
Dcm_GetActiveProtocol()
Xxx_StartProtocol() *2 | before
|
Xxx_StopProtocol() Dcm_Init() |
Figure 7.1: Possible interaction between the submodules in the DCM
Note: The implementation of these submodules and the interfaces between them is
not mandatory. They are introduced only to improve the readability of the specification.
7.2.2 Negative Response Code (NRC)
The standards defining the UDS Services and OBD Services define the negative re-
sponse codes (NRCs). The Dcm SWS uses these NRCs in the interfaces between the
Dcm and other BSW modules and the SW-Cs. These NRCs are defined in the data
type Dcm_NegativeResponseCodeType.
[SWS_Dcm_01075] d The order of the transmitted NRC shall be compliant with the one
described in ISO14229-1 [1]. c()

Manager
7.2.3 Non-volatile information
Several features of the Dcm require non-volatile information to be initialized. AUTOSAR

does not describe how this information is accessed or if the information is already avail-
able when the Dcm is initialized. Therefore the access for the non-volatile information
is implementation specific and has to be ensured during integration.
[SWS_Dcm_00870] d The Dcm shall check if the NvM is read out correctly. If the non-
volatile information could not read out correct the Dcm shall start a default reaction.
The default reaction is described in the chapter were the usage of the non-volatile data
is described. c()
[SWS_Dcm_01048] d If the Dcm cancels a service with NvM access, it shall call
NvM_CancelJobs(). c()
The service is cancelled either by reaching the maximum number of RCRRP NRCs or
by protocol preemption.
7.2.4 Types
[SWS_Dcm_00969] d The Dcm shall treat non-integer data types (e.g. uint8[n]) either
like integer data types of the matching size or leave their contents uninterpreted in case
DcmDspDataEndianness is configured to OPAQUE. c()
[SWS_Dcm_00970] d The Dcm module shall interpret opaque data as uint8[n] and
shall always map it to an n-bytes sized signal. For opaque data endianness, DcmDsp-
DataEndianness has to be configured to OPAQUE. c()
[SWS_Dcm_00971] d The Dcm shall extend the endianness conversion defined in [10],
to signed data types. c()
In [10] (Chapter 2.4) the endianness conversion is defined for unsigned data types. The
associated configurations can be found in the configuration 10.2.5.9.1 DcmDspData.
7.2.4.1 Atomic types overview
Figure 7.2: Atomic types overview

Manager
7.2.4.2 Data array types overview
Figure 7.3: Data array types overview
7.2.4.3 Data types constraints
[SWS_Dcm_CONSTR_6002] Existence of size parameter d DcmDspDataByte-

Size shall be present if DcmDspDataType is set to: UINT8_N, SINT8_N, UINT16_N,
SINT16_N, UINT32_N, SINT32_N or UINT8_DYN. c()
Note: DcmDspDataByteSize is not required for primitive datatypes
[SWS_Dcm_CONSTR_6035] Restrictions on size parameter for 16 Bit arrays d
DcmDspDataByteSize shall be a multiple of 2 if the value is greater than 2 and
DcmDspDataType is UINT16_N or SINT16_N. c()
DcmDspDataByteSize shall be a multiple of 4 if the value is greater than 4 and
DcmDspDataType is UINT32_N or SINT32_N. c()
[SWS_Dcm_CONSTR_6008] Define the usage of DcmDspRoutineParameter-
Size parameter d DcmDspRoutineParameterSize is only required if DcmDspRou-
tineSignalType is set to SINT8_N, SINT16_N, SINT32_N, UINT8_N, UINT16_N,
UINT32_N or VARIABLE_LENGTH. c()
[SWS_Dcm_CONSTR_6011] Only last parameters in RID may have a variable
length d DcmDspRoutineSignalType with VARIABLE_LENGTH is only valid for the last
signal. c()
[SWS_Dcm_CONSTR_6012] Existence of size parameter d DcmDspPid-
DataByteSize shall be present if DcmDspPidDataType is set to: UINT8_N,
SINT8_N, UINT16_N, SINT16_N, UINT32_N or SINT32_N. c()
Note: DcmDspPidDataByteSize is not required for primitive datatypes
DcmDspPidDataByteSize shall be a multiple of 2 if the value is greater than 2 and
DcmDspPIDDataType is UINT16_N or SINT16_N. c()
DcmDspPidDataByteSize shall be a multiple of 4 if the value is greater than 4 and
DcmDspPIDDataType is UINT32_N or SINT32_N. c()
UINT8 shall be used as (implementation) data type for bit lengths between 1 and 8

Manager
[SWS_Dcm_CONSTR_6038] Restrictions on datatype usage d DcmDspDataType

shall be UINT8_N, in case DcmDspDataUsePort is equal to USE_BLOCK_ID. c()
[SWS_Dcm_CONSTR_6026] Usage of variable data length in case
of S/R communication, NvRam access or ECU signal access d In
case DcmDspDataUsePort is set to {USE_DATA_SENDER_RECEIVER,
USE_DATA_SENDER_RECEIVER_AS_SERVICE, USE_BLOCK_ID,
USE_ECU_SIGNAL}, the usage of variable data length shall be not allowed. c
()
[SWS_Dcm_CONSTR_6031] d The DcmDspData.SHORT-NAME and DcmDspPid-
Data.SHORT-NAME shall be distinct. c()
Note: Variable data length is only possible with UINT8 arrays with DcmDspDataType
set to UINT8_DYN.
7.2.4.4 Dcm_OpStatusType
For the operation using the Dcm_OpStatusType, the Dcm shall work as follow :
[SWS_Dcm_00527] d At first call of an operation using the Dcm_OpStatusType, the
Dcm call the operation with OpStatus = DCM_INITIAL c()
[SWS_Dcm_00528] d If the value DCM_E_FORCE_RCRRP is returned from an oper-
ation using Dcm_OpStatusType, the Dcm shall invoke the transmit request for RCR-RP
(NRC 0x78 transmission) and the Dcm shall not realize further invocation of the opera-
tion till RCR-RP is transmitted. c()
[SWS_Dcm_00529] d After transmit confirmation of a RCR-RP transmitted on the con-
text of [SWS_Dcm_00528], the Dcm calls, from Dcm_MainFunction (due to call con-
text), the operation again with OpStatus = DCM_FORCE_RCRRP_OK. c()
[SWS_Dcm_00530] d If a DCM_E_PENDING value is returned from an operation us-
ing the Dcm_OpStatusType, the Dcm call the operation on each Dcm_MainFunction
call with OpStatus = DCM_PENDING as long as DCM_E_PENDING is returned. c()
7.3 Diagnostic Session Layer (DSL)
7.3.1 Introduction
[SWS_Dcm_00030] d All functional areas of the DSL submodule shall be in confor-

mance with the specifications ISO14229-1 [1] and the network-independent part of
ISO15765-3 [4]. c(SRS_Diag_04003, SRS_Diag_04015)
There is no network-dependent functional area in the DSL submodule. Within the con-
figuration, some parameters can be set dependent on the network.

Manager
7.3.2 Use cases
The DSL submodule provides the following functionalities:

• Session handling (as required by ISO14229-1 [1] and ISO 15765-3 [4])
• Application layer timing handling (as required by ISO14229-1 [1] and ISO 15765-
3 [4])
• Specific response behavior (as required by ISO14229-1 [1] and ISO 15765-3 [4])
• Authentication state handling per diagnostic connection (as required by ISO
14229-1:2018)
– Provide authentication state per connection
– Manage authentication state transitions
7.3.3 Interaction with other modules
The DSL has the following interaction with other modules:

• PduR module
– PduR module provides data of incoming diagnostic requests.
– The DSL submodule triggers output of diagnostic responses.
• DSD submodule
– The DSL submodule informs the DSD submodule about incoming requests
and provides the data.
– The DSD submodule triggers output of diagnostic responses.
• SW-Cs / DSP submodule. The DSL submodule provides access to security and
session state.
• ComM module
– The DSL submodule guarantees the communication behavior required by
the ComM module
7.3.4 Functional description
7.3.4.1 Overview
The DSL submodule provides the following functionality:

Request Handling
• Forward requests from the PduR module to the DSD submodule.

Manager
• Concurrent ”TesterPresent” (”keep alive logic”).

Response Handling
• Forward responses from the DSD submodule to the PduR module.
• Guarantee response timing to tester.
• Support of periodic transmission.
• Support of ResponseOnEvent (ROE) transmission.
• Support of segmented response.
• Support of ResponsePending response triggered by the application.
Security Level Handling
• Manage security level.
Session State Handling
• Manage session state.
• Keep track of active non-default sessions.
• Allows modifying timings.
Diagnostic Protocol Handling
• Handling of different diagnostic protocols.
• Manage resources.
Communication Mode Handling
• Handling of communication requirements (Full- / Silent- / No Communication).
• Indicating of active / inactive diagnostic.
• Enabling / disabling all kinds of diagnostic transmissions.
7.3.4.2 Forward requests from the PduR module to the DSD submodule
The PduR module indicates the Dcm module whenever a reception of new diagnos-
tic request content is started on a DcmRxPduId, which is assigned to the Dcm module.
This is done by calling Dcm_StartOfReception, which inform the Dcm module of the
data size to be received and provides the data of the first frame or single frame, and
allows the Dcm to reject the reception if the data size overflows its buffer size, or if the
requested service is not available. The further call to Dcm_CopyRxData request the
Dcm module to copy the data from the provided buffer to the Dcm buffer. If the recep-
tion of a diagnostic request is finished (when Dcm_StartOfReception succeeded)
the PduR module will call Dcm_TpRxIndication to give a receive indication to the
Dcm module. The Dcm shall be able to use generic connections, where the addressing

Manager
information is provided to Dcm by Dcm_StartOfReception via the MetaData of the

DcmRxPdu. This addressing information must be stored and used for the response
and for detection of requests from the same tester. see section 7.3.4.5 Generic Con-
nection Handling for further details.
[SWS_Dcm_00111] d The DSL submodule shall forward received data to the DSD sub-
module only after a call of Dcm_TpRxIndication with parameter Result = E_OK (see
[SWS_Dcm_00093]). c()
[SWS_Dcm_00241] d As soon as a request message is received (after a call of
Dcm_TpRxIndication with parameter Result = E_OK (see [SWS_Dcm_00093]) and
until a call to Dcm_TpTxConfirmation (see [SWS_Dcm_00351]) for the associated
Tx-DcmPduId), the DSL submodule shall block the corresponding DcmPduId. During
the processing of this request, no other request of the same DcmDslConnection (e.g.
an enhanced session can be ended by a OBD session) can be received, until the cor-
responding response message is sent and the DcmPduId is released again (except for
concurrent TesterPresent requests). c()
More descriptions of the APIs (prototype, input/output parameter) can be found in the
interface description of PduR module [11].
It is allowed to have different DcmPduIds for different diagnostic communication appli-
cations. For example:
• OBD DcmRxPduId: for reception of OBD requests,
• OBD DcmTxPduId: for transmission of OBD responses,
• UDS phys DcmRxPduId: for reception of UDS physically addressed requests,
• UDS func DcmRxPduId: for reception of UDS functionally addressed requests,
• UDS DcmTxPduId: for transmission of UDS responses.
Address type (physical/functional addressing) is configured per DcmRxPduId (see con-
figuration parameter DcmDslProtocolRx). A configuration per DcmRxPduId is possi-
ble because there will always be different DcmRxPduId values for functional and phys-
ical receptions, independent of the addressing format of the Transport Layer (extended
addressing, normal addressing).
7.3.4.2.1 Dcm_StartOfReception
[SWS_Dcm_00444] d If the requested size is large than the buffer available in the
DCM, the function Dcm_StartOfReception shall return BUFREQ_E_OVFL (see
[SWS_Dcm_00094]). c()
[SWS_Dcm_00788] d When processing a diagnostic request and in case DcmD-
slDiagRespOnSecondDeclinedRequest is set to TRUE, the Dcm module shall re-
turn BUFREQ_OK on Dcm_StartOfReception received on new request using a
different DcmDslConnection. c()

Manager
[SWS_Dcm_00789] d In case [SWS_Dcm_00788], the Dcm respond with a NRC 0x21

c()
[SWS_Dcm_00790] d When processing a diagnostic request, the Dcm module shall
reject (Dcm_StartOfReception shall return BUFREQ_E_NOT_OK) any new re-
quest using a different DcmDslConnection in case DcmDslDiagRespOnSecond-
DeclinedRequest is set to FALSE until the current diagnostic request processing is
over. c()
[SWS_Dcm_00557] d When processing a diagnostic request, the Dcm module shall
reject (Dcm_StartOfReception shall return BUFREQ_E_NOT_OK) any new diag-
nostic request with the same DcmDslConnection until the current diagnostic re-
quest processing is over. Concurrent TesterPresent requests will be accepted with
a BUFREQ_OK, but not further processed, as the running diagnostic request already
resets the session timeout timer (S3Server). c()
[SWS_Dcm_01145] d If the current session is a non-default session and a concur-
rent TesterPresent received on a different DcmDslConnection, this request will be
accepted with a BUFREQ_OK, but not further processed. E.g. it is not resetting the
session timeout timer (S3Server) c()
[SWS_Dcm_01146] d In case of [SWS_Dcm_01145] with reception on a higher priority
protocol, this will not lead to protocol preemption. c()
[SWS_Dcm_00642] d When the API Dcm_StartOfReception is invoked with TpS-
duLength equal to 0, the value BUFREQ_E_NOT_OK shall be returned and no further
action shall be taken. c(SRS_Diag_04147)
[SWS_Dcm_00655] d If the current session is a non-default session and a new diag-
nostic request with same or lower priority protocol than active one is detected, the Dcm
shall act according [SWS_Dcm_00788], [SWS_Dcm_00789] and [SWS_Dcm_00790].
c()
[SWS_Dcm_00656] d If the current session is the default session and a diagnostic re-
quest is in execution, for any new diagnostic request with same or lower priority protocol
than active one, the Dcm shall act according [SWS_Dcm_00788], [SWS_Dcm_00789]
and [SWS_Dcm_00790]. c()
[SWS_Dcm_00833] d Dcm_StartOfReception () shall be callable in interrupt con-
text. c()
7.3.4.2.2 Dcm_CopyRxData
[SWS_Dcm_00443] d If Dcm_StartOfReception returns BUFREQ_OK, the further

call to Dcm_CopyRxData shall copy the data from the buffer provided in info parame-
ter) to the Dcm buffer and update the bufferSizePtr parameter with remaining free place
in Dcm receive buffer after completion of this call. c()

Manager
[SWS_Dcm_00996] d When the APIDcm_CopyRxData is invoked with SduLength

from info equal to 0, the value BUFREQ_OK shall be returned and bufferSizePtr shall
be filled with the remaining size of the Rx buffer. c()
Note: The size of the Rx buffer is based on the buffer length, which is returned in the
parameter RxBufferSizePtr of API Dcm_StartOfReception. [SWS_Dcm_00342] d
After starting to copy the received data (see [SWS_Dcm_00443]), the Dcm module shall
not access the receive buffer until it is notified by the service Dcm_TpRxIndication
about the successful completion or unsuccessful termination of the reception. c()
Note: Dcm_TpRxIndication is only expected when Dcm_StartOfReception suc-
ceeded
[SWS_Dcm_00831] d Dcm_CopyRxData shall be callable in interrupt context. c()
7.3.4.2.3 Dcm_TpRxIndication
[SWS_Dcm_00344] d If Dcm_TpRxIndication is called with parameter Result dif-

ferent from E_OK, then the Dcm module shall not evaluate the buffer assigned to the
I-PDU, which is referenced in parameter DcmRxPduId. c()
Rationale for [SWS_Dcm_00344]: It is undefined which part of the buffer contains valid
data in this case
[SWS_Dcm_00345] d Dcm_TpRxIndication shall be callable in interrupt context. c
()
7.3.4.3 Concurrent ”TesterPresent” (”keep alive logic”)
It is possible, that functional ”TesterPresent” commands are sent by the tester in paral-
lel to physical requests/responses. This is called ”keep alive logic” in ISO14229-1 [1].
This functional ”TesterPresent” will be received on a separate DcmRxPduId (UDS func
DcmRxPduId) ), which is belonging to the same DcmDslConnection as the physical
request. A Dcm-internal receive buffer which is not configured explicitly, is used in this
case. Due to that reason, the functional TesterPresent (and only functional TesterPre-
sent without response) is handled in the following way:
[SWS_Dcm_00112] d When the PduR module calls Dcm_TpRxIndication with pa-
rameter Result=E_OK (see [SWS_Dcm_00093]) and if the request is a ”TesterPresent”
command with ”suppressPosRspMsgIndicationBit” set to TRUE (SID equal to 0x3E,
subfunction equal to 0x80), the DSL submodule shall reset the session timeout timer
(S3Server). c()
[SWS_Dcm_00113] d When the PduR module calls Dcm_TpRxIndication with pa-
rameter Result = E_OK (see [SWS_Dcm_00093]) and if the request is a ”TesterP-
resent” command with ”suppressPosRspMsgIndicationBit” set to TRUE (SID equal to

Manager
0x3E, subfunction equal to 0x80), the DSL submodule shall not forward this request to
the DSD submodule for further interpretation. c()
Rationale for [SWS_Dcm_00113]: Because of bypassing the functional ”TesterPre-
sent” in the DSL submodule, the Dcm module is able to receive and process next phys-
ical requests without any delay.
[SWS_Dcm_01168] d The Dcm shall handle a tester present request as concurrent
request only if it was received on a functional address with ”suppressPosRspMsgIndi-
cationBit” set to TRUE. c()
7.3.4.3.1 Dcm_CopyTxData
If the copied data is smaller than the length requested to transmit within the
service PduR_DcmTransmit() the Dcm module will be requested by the service
Dcm_CopyTxData to provide another data when the current copied data have been
transmitted.
[SWS_Dcm_00346] d If the function Dcm_CopyTxData is called and the Dcm module
successfully copied the data in the buffer provided in info parameter, then the function
shall return BUFREQ_OK. c()
[SWS_Dcm_00350] d Caveats of Dcm_CopyTxData:
• The value of parameter availableDataPtr of function Dcm_CopyTxData shall not
exceed the number of Bytes still to be sent.
• If this service returns BUFREQ_E_NOT_OK the transmit requests issued by
calling the service PduR_DcmTransmit() is still not finished. A final confirma-
tion (indicating an error with call of service Dcm_TpTxConfirmation) is re-
quired to finish this service and to be able to start another transmission (call
to PduR_DcmTransmit()). So it is up to the transport protocol to confirm the abort
of transmission.
c()
[SWS_Dcm_00832] d Dcm_CopyTxData shall be callable in interrupt context. c()
7.3.4.3.2 Dcm_TpTxConfirmation
[SWS_Dcm_00352] d If the function Dcm_TpTxConfirmation is called, then the Dcm

module shall unlock the transmit buffer. c()
[SWS_Dcm_00353] d If the function Dcm_TpTxConfirmation is called, then the Dcm
module shall stop error handling (Page buffer timeout, P2ServerMax/P2*ServerMax
timeout ). c()

Manager
[SWS_Dcm_00354] d Dcm_TpTxConfirmation shall be callable in interrupt context

(e.g. from a transmit interrupt) c()
For transmission via FlexRay the following restriction has to be considered: Since the
FlexRay Specification does not mandate the existence of a transmit interrupt, the exact
meaning of this confirmation (i.e. "transfer into the FlexRay controller’s send buffer" OR
"transmission onto the FlexRay network") depends on the capabilities of the FlexRay
communication controller and the configuration of the FlexRay Interface.
7.3.4.4 Forward responses from the DSD submodule to the PduR module
[SWS_Dcm_00114] d The DSD submodule shall request the DSL submodule for trans-
mission of responses. c()
[SWS_Dcm_00115] d When the diagnostic response of a DcmDslMainConnection
is ready, the DSL submodule shall trigger the transmission of the diagnostic response
to the PduR module by calling PduR_DcmTransmit() using the corresponding DcmD-
slProtocolTxPduRef parameter as PduId. c()
[SWS_Dcm_01072] d In case of PeriodicTransmission, the Dcm shall provide in the call
to PduR_DcmTransmit() the full payload data and expect no call to Dcm_CopyTxData.
c()
[SWS_Dcm_01073] d In case of PeriodicTransmission, the Dcm will be called for pe-
riodic transmission with Dcm_TxConfirmation to indicate the transmission result. c
()
Responses are sent with the DcmTxPduId, which is linked in the Dcm module config-
uration to the DcmRxPduId, i.e. the ID the request was received with (see configu-
ration parameter DcmDslProtocolTx) Within PduR_DcmTransmit() only the length
information and, for generic connections, the addressing information, is given to the
PduR module. After the Dcm module has called successfully PduR_DcmTransmit(),
the PduR module will call Dcm_CopyTxData to request the Dcm module to provide the
data to be transmitted and will call Dcm_TpTxConfirmation after the complete PDU
has successfully been transmitted or an error occurred. see section 7.3.4.5 "Generic
Connection Handling for further details on address information handling within generic
connections".
[SWS_Dcm_00117] d If the DSL submodule receives a confirmation after the com-
plete Dcm PDU has successfully been transmitted or an error occurred by a call of
Dcm_TpTxConfirmation, then the DSL submodule shall forward this confirmation to
the DSD submodule. c()
[SWS_Dcm_00118] d In case of a failed transmission (failed PduR_DcmTransmit() re-
quest) or error confirmation (Dcm_TpTxConfirmation with error), the DSD submod-
ule shall not repeat the diagnostic response transmission. c()
Note: Dcm_TpTxConfirmation is only expected when PduR_DcmTransmit suc-
ceeded.

Manager
[SWS_Dcm_01166] d If the Multiplicity of DcmDslProtocolTx is set to "0" the Dcm

shall process the received diagnostic request without sending a response. c()
More descriptions of the APIs (prototype, input/output parameter) can be found in the
interface description of the PduR module [11].
7.3.4.5 Generic Connection Handling
The Dcm shall be able to handle generic connections, identified by DcmPdus with Meta-
DataItems of type SOURCE_ADDRESS_16 and TARGET_ADDRESS_16. These con-
nections carry the actual tester address at run time. Please note that this address is
not provided to the application. If the application needs to discern different testers, sep-
arate connections have to be created. Generic connections are supported for diagnos-
tics over IP and FlexRay diagnostics, and CAN diagnostics using normal fixed or mixed
29 bit addressing formats according to ISO15765-2 [12]. Depending on the actual lay-
out of the CAN IDs, generic connections could also be used for extended or normal and
mixed 11 bit addressing formats. The Dcm is not aware of the actual addressing format
used by CanTp. Several connections may reference the same DcmPdus.
[SWS_Dcm_CONSTR_6044] d Generic connections shall be consistent. This means
that the MetaDataItems and the PduLength of all referenced PDUs of a DcmDslCon-
nection (DcmDslProtocolRxPduRef, DcmDslProtocolTxPduRef, DcmDslPe-
riodicTxPduRef, DcmDslRoeTxPduRef)are identical. c()
[SWS_Dcm_00848] d The source address of diagnostic requests received via
a generic connection must be stored. It is provided in the MetaDataItem
SOURCE_ADDRESS_16 provided via Dcm_StartOfReception. c()
[SWS_Dcm_00849] Target address for generic connection transmission d If the
Dcm is about to send a response, response on event, or periodic message for a
generic connection request, the Dcm shall set TARGET_ADDRESS_16 to the value
of the stored source address in the MetaDataPtr in the PduR_DcmTransmit(). c
(SRS_Diag_04153)
[SWS_Dcm_01429] d The source address of diagnostic requests received via a
generic connection shall be provided in the parameter TesterSourceAddress
to the application [SWS_Dcm_01339], [SWS_Dcm_01340], [SWS_Dcm_01341],
[SWS_Dcm_01342], [SWS_Dcm_00692], [SWS_Dcm_00694], [SWS_Dcm_00340],
[SWS_Dcm_00698]). c()
[SWS_Dcm_01347] d The target address of diagnostic requests received via a generic
connection can be provided in the MetaDataItem TARGET_ADDRESS_16 received via
Dcm_StartOfReception(). In this case, the Dcm shall ignore physical requests where
the target address is not equal to the configured ECU address DcmDspProtocolE-
cuAddr. c(SRS_Diag_04153)

Manager
[SWS_Dcm_01348] d The source address of the response transmitted via

generic connections can be read from the configuration parameter DcmDsp-
ProtocolEcuAddr. It shall be provided to PduR_DcmTransmit() in the Meta-
DataItem SOURCE_ADDRESS_16, if that is configured for the transmit PDU. c
(SRS_Diag_04153)
Note: If different source addresses are required for certain transmitted di-
agnostic messages of the same DcmDslProtocolRow, the MetaDataItem
SOURCE_ADDRESS_16 can be omitted from the PDUs, and the address can then
be configured in the lower layers. The same is possible for physical requests, where
the TARGET_ADDRESS_16 can be omitted from the PDUs.
7.3.4.6 Guarantee timing to tester by sending busy responses
[SWS_Dcm_00024] d If the Application (or the DSP submodule) is able to perform a

requested diagnostic task, but needs additional time to finish the task and prepare the
response, then the DSL submodule shall send a negative response with NRC 0x78 (Re-
sponse pending) when reaching the response time (DcmDspSessionP2ServerMax
- DcmTimStrP2ServerAdjust respectively DcmDspSessionP2StarServerMax -
DcmTimStrP2StarServerAdjust). c(SRS_Diag_04016)
Rationale for [SWS_Dcm_00024]: The DSL submodule guarantees the response tim-
ing to tester.
[SWS_Dcm_00119] d The DSL submodule shall send negative responses as required
in [SWS_Dcm_00024] from a separate buffer. c()
Rationale for [SWS_Dcm_00119]: This is needed in order to avoid overwriting the on-
going processing of requests, e.g. the application already prepared response contents
in the diagnostic buffer. The number of negative responses with NRC 0x78 (Response
pending) for one diagnostic request is limited by the configuration parameter DcmD-
slDiagRespMaxNumRespPend. This avoids deadlocks in the Application.
7.3.4.7 Support of periodic transmission
The UDS service ReadDataByPeriodicIdentifier (0x2A) allows the tester to request the
periodic transmission of data record values from the ECU identified by one or more
periodicDataIdentifiers.
[SWS_Dcm_00122] d The Dcm module shall send responses for periodic transmis-
sions using a separate protocol and a separate buffer of configurable size. c()
The DcmDslPeriodicTransmissionConRef configuration parameter allows linking
the protocol used to receive the periodic transmission request / transmit the periodic
transmission response to the protocol used for the transmission of the periodic trans-
mission messages. Note that multiple DcmTxPduIds can be assigned to the periodic

Manager
transmission protocol. The Dcm module respects several restrictions according to the
communication mode:
[SWS_Dcm_00123] d Periodic transmission communication shall only take place in
Full Communication Mode. c()
Periodic transmission events can occur when not in Full Communication Mode. So the
following requirement exists:
[SWS_Dcm_00125] d The Dcm module shall discard periodic transmission events be-
side Full Communication Mode and shall not queue it for transmission. c()
[SWS_Dcm_00126] d Periodic transmission events shall not activate the Full Commu-
nication Mode. c()
7.3.4.8 Support of ROE transmission
With the UDS Service ResponseOnEvent (0x86), a tester requests an ECU to start
or stop transmission of responses initiated by a specified event. Upon registering an
event for transmission, the tester also specifies the corresponding service to respond
to (e.g: UDS Service ReadDataByIdentifier 0x22).
[SWS_Dcm_00595] d The ROE functionality is enabled only if the container DcmD-
slResponseOnEvent exists. c()
7.3.4.8.1 ResponseOnEvent StateChar
[SWS_Dcm_00871] d The Dcm shall support several RoeEvents. Each RoeEvent can
have the states ”ROE cleared”, ”ROE stopped” and ”ROE started”. The transitions
from state to state are described in the following section. The Labels in Figure 7.4
represents the numbers of the sections. c()

Manager
stm RoeEv entStateMachine
[10]
Roe cleared [2] Roe stopped

[1] [3]
Initial
[8] [9] [5] [4]

[7]
Roe started
[6]
Figure 7.4: RoeEvent State Chart
7.3.4.8.1.1 Initializing Dcm (1)
[SWS_Dcm_00872] d The Dcm changes the state of each event to ’ROE cleared’ state
during Dcm_Init. c()
7.3.4.8.1.2 Transition from ’ROE cleared’ to ’ROE stopped’ (2)
[SWS_Dcm_00873] d By receiving a valid ROE setup request, the RoeEvent which is

addressed in the request changes to the ’ROE stopped’ state (see Table 2). c()
[SWS_Dcm_00874] d If the RoeEvent was setup with the StorageState set to
’storeEvent’ and no StartResponseOnEvent with StorageState set to ’storeEvent’ and
an EventWindowTime which is active over power cycles or clearResponseOnEvent has
been received afterwards the Dcm will change to ’ROE stopped’ state as soon as the
non-volatile information is available. c()
Note: If an Event is initialized once with StorageState set to ’StoreEvent’, it will
stay initialized until it is cleared by a ClearResponseOnEvent request (see also
[SWS_Dcm_00897]).
[SWS_Dcm_00951] d If for a RoeEvent the configuration parameter DcmDspRoeIni-
tialEventStatus is set to DCM_ROE_STOPPED, the Dcm will switch to ’ROE stopped’
state immediatly in the initialisation. c()
Note: DcmDspRoeInitialEventStatus set defines an initialisation of a RoeEvent
by configuration.

Manager
7.3.4.8.1.3 Transition from ’ROE stopped’ to ’ROE cleared’ (3)
[SWS_Dcm_00875] d By receiving a valid ROE request with the sub-function clear-

ResponseOnEvent (0x06) the RoeEvents change to the ’ROE cleared’ state. c()
7.3.4.8.1.4 Transition from ’ROE stopped’ to ’ROE started’ (4)
[SWS_Dcm_00876] d By receiving a valid ROE request with the sub-function startRe-

sponseOnEvent (0x05) all stopped RoeEvents change to the ’ROE started’ state. c
()
[SWS_Dcm_00902] d All RoeEvents which have been in ’ROE started’ state when
leaving the default session shall change back into ’ROE started’ state when (re-) en-
tering the default session. c()
[SWS_Dcm_00965] d If a valid StartResponseOnEvent request is received with a stor-
ageState set to StoreEvent and the EventWindowTime supports the StorageState in a
previous power cycle, the RoeEvent shall change from ’ROE stopped’ state to ’ROE
started’ state as soon as the non-volatile data is available. (This ROEEvent was set to
’ROE stopped’ according to [SWS_Dcm_00951]). c()
7.3.4.8.1.5 Transition from ’ROE started’ to ’ROE stopped’ (5)
[SWS_Dcm_00877] d By receiving a valid ROE request with the sub-function stopRe-

sponseOnEvent (0x00) the stopped RoeEvents change to the ’ROE stopped’ state. c
()
[SWS_Dcm_00878] d When the eventWindowTime times out the stopped RoeEvents
change to the ’ROE stopped’ state. c()
[SWS_Dcm_00879] d By leaving the current session all started RoeEvents shall
change to the ’ROE stopped’ state. c()
Note: RoeEvents are stopped when the current session is left, independent if the ses-
sion changes from a non-default session to the same or a different non-default session.
By leaving the default session the current active RoeEvents are stopped and stored (in
order to be re-started as soon the session changes back to the default session (see
[SWS_Dcm_00902]).
[SWS_Dcm_00952] d If a ROE request is received with the sub-function OnDTCSta-
tusChange and the RoeEvent is ’ROE started’, the RoeEvent for OnDTCStatusChange
changes to ’ROE stopped’ state and the ServiceToRespondTo shall be triggered by the
DTCStatusMask which is set by the new request. c()

Manager
7.3.4.8.1.6 Transition from ’ROE started’ to ’ROE started’ (6)
[SWS_Dcm_00880] d By receiving a valid ROE request with the sub-function StartRe-

sponseOnEvent (0x05) the Dcm answers positively and stays in ’ROE started’ state. ).
c()
7.3.4.8.1.7 Transition from ’ROE started’ to ’ROE cleared’ (7)
[SWS_Dcm_00884] d By receiving a valid ROE request with the sub-function clear-

ResponseOnEvent (0x06) all started RoeEvents change to the ’ROE cleared’ state. c
()
7.3.4.8.1.8 Transition from ’ROE cleared’ to ’ROE cleared’ (8)
[SWS_Dcm_00885] d If all RoeEvents are in ’ROE cleared’ state and a valid stopRe-
sponseOnEvent (0x00) request is received the Dcm shall reject the request with a neg-
ative Response with NRC 0x24 (requestSequenceError). c()
[SWS_Dcm_00886] d If all RoeEvents are in ’ROE cleared’ state and a valid StartRe-
sponseOnEvent (0x05) request is received the Dcm shall reject the request with a neg-
ative Response with NRC 0x24 (requestSequenceError). c()
[SWS_Dcm_00887] d If all RoeEvents are in ’ROE cleared’ state and a valid clear-
ResponseOnEvent (0x06) request is received the Dcm answers positively and the
RoeEvents stay in ’ROEcleared’ state.). c()
[SWS_Dcm_00888] d If the non-volatile data could not be read correctly, all RoeEvents
in ’ROE cleared’ state remain in ’ROE cleared’ state. c()
7.3.4.8.1.9 Transition from ’ROE cleared’ to ’ROE started’ (9)
[SWS_Dcm_00889] d If the EventWindowTime is active over power cycles and not

timed out, the Dcm shall reactivate all RoeEvents which were active in the default ses-
sion during the last power cycle as soon as the non-volatile information is available. c
()
[SWS_Dcm_00890] d If a valid StartResponseOnEvent request is received with a stor-
ageState set to StoreEvent and the EventWindowTime supports the StorageState in a
previous power cycle, the RoeEvent shall change to ’ROE started’ state as soon as the
non-volatile data is available. c()

Manager
7.3.4.8.1.10 Transition from ’ROE stopped’ to ’ROE stopped’ (10)
[SWS_Dcm_00891] d If a RoeEvent is in ’ROE stopped’ state and a valid stopRespon-

seOnEvent (0x00) request is received the Dcm shall respond positively to the request
and stay in the ’ROE stopped’ state. c()
[SWS_Dcm_00953] d If a ROE request is received with the sub-function OnDTCSta-
tusChange and the RoeEvent is already ’ROE stopped’ the RoeEvent for OnDTCSta-
tusChange shall stay in ’ROE stopped’ state but the event logic shall be updated with
the newly received DTCStatusMask. c()
7.3.4.8.2 ROE sub-functions
[SWS_Dcm_00892] d The Dcm shall support all ROE sub-functions marked as sup-
ported in Table 7.3. c()
Sub function Sub-function name Kind of ServiceTo Support
ID sub-function RespondTo status
0x00/0x40 stopResponseOnEvent Control Supported
0x01/0x41 onDTCStatusChange Setup 0x19, 0x0E Supported
0x02/0x42 onTimerInterrupt Setup Not supported
0x03/0x43 onChangeOfDataIdentifier Setup 0x22 Supported
0x04 reportActivatedEvents Control Supported
0x05/0x45 StartResponseOnEvent Control Supported
0x06/0x46 clearResponseOnEvent Control Supported
0x07/0x47 onComparisonOfValues Setup Not supported
Other OEM Specific Setup Not supported
Table 7.3: Supported sub function of Response on Event (0x86)
Note: If a user wants to support a sub-function with StorageState bit set, then it has to
be explicitly configured in the DSD. The Dcm will not mask the StorageState bit internally.
[SWS_Dcm_00893] d For each setup sub function the Dcm shall only support the one
fixed ServiceToRespondTo. The supported ServiceToRespondTo is listed in Table 7.3.
c()
7.3.4.8.3 EventWindowTime and StorageState
The EventWindowTime and StorageState are mandatory parameter in every ROE re-
quest. They can be contradicting between the setup request and the related control
request.
[SWS_Dcm_00903] d The Dcm shall evaluate the EventWindowTime from the setup
request. c()
[SWS_Dcm_00894] d he Dcm shall support in general the EventWindowTimes defined
in Table 7.4. c()

Manager
Value Name Active over

PowerCycles
0x02 Infinity Storage State
0x03 CurrentCycle No
0x04 CurrentAndFollowingCycle Yes
Table 7.4: Supported ROE EventWindowTime
[SWS_Dcm_00895] d The configuration parameter DcmDspRoeEventWindowTime

shall contain a list of all EventWindowTimes supported for this specific Ecu. c()
[SWS_Dcm_00896] d If the Roe request contains a different EventWindowTime than
configured in DcmDspRoeEventWindowTime the Dcm shall reject the request with a
negative response with the NRC 0x31 (RequestOutOfRange). c()
[SWS_Dcm_01076] d If the Roe request has a storageState equal to storeEvent and
contains an EventWindowTime that is not infinite, the Dcm shall reject the request with
a negative response with the NRC 0x31 (RequestOutOfRange). c()
[SWS_Dcm_00897] d If a RoeEvent is setup with StorageState set to storeEvent the
initialization shall be stored non-volatile to be restored in every following driving cycle
until it is cleared (see [SWS_Dcm_00874]). c()
[SWS_Dcm_00898] d A RoeEvent shall change to ’ROE started’ state at the beginning
of each following power cycle until a stopResponseOnEvent request with storage Stor-
ageState set to StoreEvent is received if the RoeEvent fulfills all following conditions
:
• The RoeEvent was started in default session
• The StartResponseOnEventRequest has a storageState set to ’StoreEvent’
• The setup request has the EventWindowTime inifinity and the storageState was
set to ’StoreEvent’.
c()
[SWS_Dcm_00905] d The EventWindowTime will end at the end of the current power
cycle if all of the following conditions are fulfilled:
• The EventWindowTime is set to infinity (0x02) during the setup request
• The RoeEvent was started in default-session
• The storageState was not set in the StartResponseOnEvent request
c()
[SWS_Dcm_00900] d If a RoeEvent set up with the EventWindowTime set to Cur-
rentAndFollowingCycle is started in default session, the EventWindowTime shall end
at the end of the next power cycle or with a clearResponseOnEvent/stopResponseOn-
Event request. c()

Manager
[SWS_Dcm_00901] d If a RoeEvent set up with the EventWindowTime set to Current-

Cycle is started in default session, the EventWindowTime shall end at the end of the
current power cycle or with a clearResponseOnEvent/stopResponseOnEvent. c()
[SWS_Dcm_00906] d If ResponseOnEvent is started in a non-default session, the
EventWindowTime ends if one of the following conditions is fulfilled:
• The power cycle ends
• Receiving a clearResponseOnEvent request
• Receiving a stopResponseOnEvent request
• With any session change.
c()
[SWS_Dcm_00907] d If the EventWindowTime times out and the power cycle is not
ended, the Dcm shall send a final positive Response to the setup request. c()
For the EventWindowTime infinity (0x02), ThisCycle (0x03), ThisAndNextCycle (0x04)
the Dcm will not send a final response because these EventWindow Times will end at
the end of an power cycle. There will also no final response if the session changes or
the service is stopped with a ’stopResponseOnEvent’ subfunction.
7.3.4.8.4 Pre-configuration of ResponseOnEvent
[SWS_Dcm_00908] d The Dcm shall only support Roe requests which where pre-
configured in the configuration. c()
Note: The pre-configuration gives the Dcm the freedom to optimized not configured
requests.
[SWS_Dcm_00909] d The Dcm supports the configuration container DcmDspRoe to
configure all supported ResponseOnEvent setup requests. c()
[SWS_Dcm_00954] Pre-configuraton of ROE events d If DcmDspRoeIni-
tialEventStatus is set to DCM_ROE_STOPPED, the Dcm shall behave according
RoeEvent set-up:
• StorageState set to "StoreEvent"
• EventWindowTime set to "infinity"
• DTCStatusMask set to value configured in DcmDspRoeDTCStatusMask in case
of onDTCStatusChange and
• DID set to the value given with DcmDspRoeDidRef in case of onChangeOf-
DataIdentifier
c()

Manager
[SWS_Dcm_01323] d Likewise, when responding to the reportActivatedEvents (0x04)

subfunction of the ResponseOnEvent (0x86) service, preconfigured events shall have
the storageState bit set within the corresponding eventTypeOfActiveEvent byte. c()
According to [SWS_Dcm_00954] and [SWS_Dcm_00897], the pre-configuration of
RoeEvents shall behave the same like received a received setup and start request in
previous driving cycles. If the storageState is set in the start/stop/clearedResponseOn-
EventRequest the pre configuration will be replaced with the newly received request.
7.3.4.8.5 Handling of event-trigger
7.3.4.8.5.1 ROE event-trigger onDTCStatusChange (0x01)
If a RoeEvent is in ’ROE started’ state and it is configured to onDTCStatusChange (see

container DcmDspRoeEvent), the Dcm triggers a ServiceToResponseTo as soon as
the Dem is reporting a DTCStatusChange which fits to the requested DTCStatusMask.
According to [SWS_Dcm_00909], the Dcm only supports preconfigured ROE requests.
Therefore the container DcmDspRoeOnDTCStatusChange needs to be configured if
onDTCStatusChange shall be used.
[SWS_Dcm_00912] d If the state of one RoeEvent that is configured for onDTC-
StatusChange changes to ’ROE started’ the Dcm shall evaluate the callback
Dcm_DemTriggerOnDTCStatus. c()
[SWS_Dcm_00913] d If the state of the RoeEvent, configured to OnDTC-
StatusChange, leaves ’ROE started’ the Dcm shall ignore the callback
Dcm_DemTriggerOnDTCStatus. c()
[SWS_Dcm_01410] d In case a request to clear the EventMemory is processed, the
Dcm shall ignore the callback Dcm_DemTriggerOnDTCStatus. c()
[SWS_Dcm_00914] d If the state of the RoeEvent is ’ROE started’ for
the sub-function OnDTCStatusChange shall trigger a serviceToRespondTo if
Dcm_DemTriggerOnDTCStatus is called and the DTCStatusNew fits to the corre-
sponding DTCStatusMask. c()
[SWS_Dcm_00915] d If an event is trigger for onDTCStatusChange, the Dcm shall exe-
cute a serviceToResponseTo 0x19 0x0E, if the DTCStatusNew fits to the corresponding
DTCStatusMask. c()
[SWS_Dcm_CONSTR_6054] Existence of DTCStatusMask d DcmDspRoeDTC-
StatusMask shall be present if DcmDspRoeInitialEventStatus is set to
DCM_ROE_STOPPED. c()

Manager
7.3.4.8.5.2 ROE event-trigger onChangeOfDataIdentifier (0x03)
If a RoeEvent is in ’ROE started’ state and it is configured to onChangeOfDataIdenti-

fier (see container DcmDspRoeEvent) , the Dcm triggers a ServiceToResponseTo as
soon as a SWC or a CDD is reporting a change of the DID referenced by DcmD-
spRoeDidRef (SWC or CCD reports DID change by call of Dcm_TriggerOnEvent).
According to [SWS_Dcm_00909], the Dcm only supports preconfigured ROE requests.
Therefore the Did in the ROE setup request with onChangeOfDataIdentifier has to be
linked as DcmDspRoeDidRef in the onChangeOfDataIdentifier configuration.
[SWS_Dcm_00918] d If a ResponseOnEvent is requested as onChangeOfDataIden-
tifier and the requested Did is not referred as DcmDspRoeDidRef for any DcmD-
spRoeEvent the Dcm shall reject the request with a negative response with NRC 0x31
RequestOutOfRange. c()
[SWS_Dcm_00920] d If Dcm_TriggerOnEvent is called and the passed RoeEvent
is active, the Dcm shall trigger an Event for this RoeEvent. c()
[SWS_Dcm_00921] d If an event is triggered for onChangeOfDataIdentifier, the Dcm
shall execute a serviceToResponseTo 0x22 with the Did which is referred for this
RoeEvent (DcmDspRoeDidRef) . c()
7.3.4.8.6 Trigger a ServiceToRespondTo
[SWS_Dcm_00922] d If a ServiceToRespondTo is triggered by a RoeEvent the Dcm

shall execute the ServiceToRespondTo as normal diagnostic service according to the
figure ’General server response behavior’ of ISO14229-1 [1]. c()
[SWS_Dcm_00558] d If a ServiceToRespondTo is triggered while the Dcm is already
executing a request on a different diagnostic Protocol the Dcm shall postpone the Ser-
viceToRespondTo until the execution of the service is finalized. c()
[SWS_Dcm_00923] d The Dcm shall only process the last ServiceToRespondTo. If
already a ServiceToRespondTo is postponed due to another service execution the new
respond shall overwrite the previous trigger. c()
[SWS_Dcm_00924] d If a ServiceToRespondTo is executed while a Request on a dif-
ferent diagnostic protocol is received the ServiceToRespondTo shall be canceled. c
()
[SWS_Dcm_00925] d If ServiceToRespondTo are pending when the RoeEvent
changes to the ’ROE cleared’ state or ’ROE stopped’ state the pending RoeEvent will
be removed. c()
[SWS_Dcm_00127] d If the UDS service ResponseOnEvent (0x86) is received with the
subservice StartResponseOnEvent, then the DSP sub-module shall store the respec-
tive configured connectionId of the received RxPduId for all RoeEvents which will be
started until the eventWindowTime times out. c()

Manager
[SWS_Dcm_00128] d The DSP submodule shall forward this stored connectionId as

parameter in the DslInternal_ResponseOnOneEvent() function, where it is used to trig-
ger a serviceToRespondTo. c()
Note: The Dcm stores the connectionId of the protocol where the ROE request is re-
ceived, independent if the serviceToResponseTo is sent to a same or a different Tx-
PduId. The connectionId links always the correct TxPduId, because there is only one
TxPduId for ServiceToRespondTo linked to one protocol (see ConfigurationParameter
DcmDslROEConnectionRef). If RoeEvents are active over power cycles the connec-
tionId needs to be stored over power cycles.
7.3.4.8.7 Send a ServiceToRespondTo
The Dcm supports the transmission from ServiceToResponseTo on the same TxPduId
like the ROE response is send (TYPE 1) or on a different TxPduId (TYPE 2).
[SWS_Dcm_00131] d The configured protocol buffer shall be used for transmission of
the ROE messages (as the reception shall use a separate protocol, a separate buffer
needs to be used for reception). c()
[SWS_Dcm_00926] d If a ROE request is received on a protocol DcmDslMainConnec-
tion, the Dcm shall send the ServiceToRespondTo on the protocol which is referred
as DcmDslROEConnectionRef. c()
Note: if the EventWindowTime ist active over more than this power cycle, the Dcm
has to store the protocol where the event was started.[SWS_Dcm_00927] d If the
referred Protocol for ResponseOnEvent (DcmDslROEConnectionRef) is configured
for TYPE1 the Dcm shall send the ServiceToRespondTo to the same TxPduID as the
ROE response is send to. c()
[SWS_Dcm_00928] d If the referred Protocol for ResponseOnEvent (DcmDslROECon-
nectionRef) is configured for TYPE2 the Dcm shall send the ServiceToRespondTo to
the configured TxPduID (see configuration parameter DcmDslRoeTxPduRef). c()
[SWS_Dcm_00132] d The content of the pMsgContext pointer (ROE message) shall
be copied into the buffer. c()
[SWS_Dcm_00133] d ROE communication shall only be performed in Full Communi-
cation Mode. The Dcm shall check the communication mode of the DcmDslProto-
colComMChannelRef in the DcmDslMainConnection. c()
[SWS_Dcm_00134] d ROE events shall be disabled in any other Communication Mode
except for the Full Communication Mode. c()
[SWS_Dcm_00135] d ROE events occurring in a communication mode different from
Full Communication Mode shall be discarded and not queued for later transmission. c
()

Manager
[SWS_Dcm_00136] d ROE events requested by the Application shall not activate the
Full Communication Mode. c()
[SWS_Dcm_01534] Authentication check for service to respond to d On transmis-
sion of the service to respond to, the Dcm shall perform the service authentication
checks and send a positive response only for services that have granted access to that
connection. c(SRS_Diag_04230)
[SWS_Dcm_CONSTR_6025] Reference to DcmDslResponseOnEvent connection
d Only one DcmDslROEConnectionRef shall reference DcmDslResponseOnEvent
connection. c()
[SWS_Dcm_CONSTR_6056] Dependency for DcmDslProtocolTransType d
DcmDslProtocolTransType shall be only present if the Dcm_ProtocolType is
configured to DCM_ROE_ON_CAN or DCM_ROE_ON_FLEXRAY or DCM_ROE_ON_IP. c
()
7.3.4.8.7.1 Roe transmission cycle
[SWS_Dcm_00601] d The Dcm module shall respect a minimum time between two (2)
consecutive Roe transmissions (see configuration parameter DcmDspRoeInterMes-
sageTime) c()
7.3.4.8.8 ResponseOnEvent in multiple client environments
[SWS_Dcm_00929] d If at least one RoeEvent is in ’ROE started’ state the Dcm shall
always process ROE request with the sub-function clearResponseOnEvent indepen-
dent of the DcmDslProtocol where the request is received. c()
always process ROE request with the sub-function stopResponseOnEvent independent
of the DcmDslProtocol where the request is received. c()
reject all ROE request received on a different DcmDslProtocol than the protocol
where the RoeEvents were started with an NRC 0x22 (ConditionsNotCorrect), except
for [SWS_Dcm_00929] and [SWS_Dcm_00930]. c()
[SWS_Dcm_01045] d Only TYPE2 messages will support parallel execution of Diag-
nosis response. c()

Manager
7.3.4.9 Support of segmented response (paged-buffer)
[SWS_Dcm_00028] d If enabled (DcmPagedBufferEnabled=TRUE), the Dcm mod-

ule shall provide a mechanism to send responses larger than the configured and allo-
cated diagnostic buffer. c()
[SWS_Dcm_CONSTR_6055] Dependency for DcmDslProtocolMaximumRe-
sponseSize d DcmDslProtocolMaximumResponseSize shall be only present if
DcmPagedBufferEnabled is set to TRUE. c()
[SWS_Dcm_01058] d If DcmPagedBufferEnabled == TRUE and the generated Re-
sponse for a Request is longer than DcmDslProtocolMaximumResponseSize, the
Dcm shall respond with NRC 0x14 (DCM_E_RESPONSETOOLONG). c()
[SWS_Dcm_01059] d If DcmPagedBufferEnabled == FALSE and the generated
Response for a Request is longer than Dcm_MsgContextType structure element res-
MaxDataLen, the Dcm shall respond with NRC 0x14 (DCM_E_RESPONSETOOLONG)
. c()
With paged-buffer handling the ECU is not forced to provide a buffer, which is as large
as the maximum length of response. Please note:
• paged-buffer handling is for transmit only - no support for reception.
• paged-buffer handling is not available for the Application (DCM-internal use only).
[SWS_Dcm_01186] d The Dcm shall provide the correct amount of Data requested
by the TP or return BUFREQ_E_BUSY in case the requested amount of data is not
available. c(SRS_Diag_04147)
Note: In case the requested amount of data is not available, the Dcm should fill up the
paged buffer immediately.
7.3.4.10 Support of ResponsePending response triggered by the Application
In some cases, e.g. in case of routine execution, the Application needs to request an
immediate NRC 0x78 (Response pending), which shall be sent immediately and not
just before reaching the response time (P2ServerMax respectively P2*ServerMax).
When the Dcm module calls an operation and gets an error status
DCM_E_FORCE_RCRRP, the DSL submodule will trigger the transmission of a
negative response with NRC 0x78 (Response pending). This response needs to be
sent from a separate buffer, in order to avoid overwriting the ongoing processing of the
request.

Manager
7.3.4.11 Manage security level
[SWS_Dcm_00020] d The DSL submodule shall save the level of the current active
security level. c(SRS_Diag_04005)
For accessing this level, the DSL submodule provides interfaces to:
• get the current active security level: Dcm_GetSecurityLevel
• set a new security level: DslInternal_SetSecurityLevel()
[SWS_Dcm_00033] d During Dcm initialization the security level is set to the value 0x00
(DCM_SEC_LEV_LOCKED). c(SRS_BSW_00101, SRS_Diag_04005)
[SWS_Dcm_00139] d The DSL shall reset the security level to the value 0x00 (i.e. the
security is enabled) under one of the following conditions: - if a transition from any
diagnostic session other than the defaultSession to another session other than the de-
faultSession (including the currently active diagnostic session) is performed or - if a
transition from any diagnostic session other than the defaultSession to the defaultSes-
sion (DslInternal_SetSecurityLevel()) (initiated by UDS Service DiagnosticSessionCon-
trol (0x10) or S3Server timeout) is performed. c()
Only one security level can be active at a time.
[SWS_Dcm_01329] d On every security level change the Dcm shall update the Mod-
eDeclarationGroup DcmSecurityAccess with the new security level. c()
[SWS_Dcm_CONSTR_6083] Dependency on DcmDspSecurityAttemptCoun-
terEnabled d If DcmDspSecurityNumAttDelay is not configured, the DcmDspSe-
curityAttemptCounterEnabled on the same DcmDspSecurityRow shall be set
to FALSE. c(SRS_Diag_04005)
7.3.4.11.1 Initialization sequence
[SWS_Dcm_01154] d At initialization, for each DcmDspSecurityRow entry for which

the DcmDspSecurityAttemptCounterEnabled configuration parameter is set to
TRUE, the corresponding Xxx_GetSecurityAttemptCounter shall be called in or-
der to get the value of the AttemptCounter for each of these DcmDspSecurityRow
entries. c()
[SWS_Dcm_01156] d If Xxx_GetSecurityAttemptCounter has returned
E_NOT_OK the attempt counter shall be set to the value configured in DcmDspSecu-
rityNumAttDelay of the according SecurityLevel. c()
[SWS_Dcm_01351] d If any Xxx_GetSecurityAttemptCounter opera-
tion returns a DCM_E_PENDING value, the Dcm shall interrupt calling the
Xxx_GetSecurityAttemptCounter() in order to resume this chain of calls within
the next Dcm_MainFunction() cycle. c()

Manager
Note: this may be the case when these values are stored within some specific non-
volatile memory.
[SWS_Dcm_CONSTR_6076] Dependency for DcmDspSecurityGetAttempt-
CounterFnc d DcmDspSecurityGetAttemptCounterFnc shall be present only if
DcmDspSecurityUsePort is set to USE_ASYNCH_FNC and DcmDspSecurityAt-
temptCounterEnabled is set to TRUE. c()
[SWS_Dcm_01352] d If the delay after the first call of the Dcm_MainFunction()
which is configured in DcmDspSecurityMaxAttemptCounterReadoutTime has
been reached and all the Xxx_GetSecurityAttemptCounter have not been called
yet (i.e. one operation has returned a DCM_E_PENDING status in the previous
Dcm_MainFunction() cycle), the pending operation shall be cancelled by a call with
the OpStatus set to DCM_CANCEL. c()
[SWS_Dcm_01353] d In the conditions of [SWS_Dcm_01352], the AttemptCounters
of remaining security levels (which have not been obtained via the calls to their
Xxx_GetSecurityAttemptCounter) shall be initialized with the value configured
in DcmDspSecurityNumAttDelay of the according SecurityLevel. c()
[SWS_Dcm_01354] d While not all Xxx_GetSecurityAttemptCounter operations
have returned a final status and the operation chain has not been cancelled, the con-
ditionsNotCorrect (0x22) NRC shall be returned to any SecurityAccess (0x27) request-
Seed subfunction request. c()
[SWS_Dcm_01355] d Once all the AttemptCounter values have been successfully
or unsuccessfully retrieved (all the Xxx_GetSecurityAttemptCounter() operations have
been executed and have returned a final, non-PENDING error value or the operation
chain has been cancelled), if at least one of the restored AttemptCounter values is
greater than or equal to the DcmDspSecurityNumAttDelay configured for its cor-
responding DcmDspSecurityRow, the Dcm shall start the SecurityDelayTimer with
the higher value of DcmDspSecurityDelayTimeOnBoot / DcmDspSecurityDe-
layTime of the according DcmDspSecurityRow. c()
[SWS_Dcm_01356] d A timer (DcmDspSecurityDelayTime, DcmDspSecurity-
MaxAttemptCounterReadoutTime) which is configured with 0 shall be considered
to have timed out instantaneously when it is started, i.e. shall have no delay effect. c()
[SWS_Dcm_CONSTR_6074] Dependency for DcmDspSecurityMaxAttempt-
CounterReadoutTime d DcmDspSecurityMaxAttemptCounterReadoutTime
shall be a multiple and at minimum equal to DcmTaskTime. c()
7.3.4.11.2 AttemptCounter update
[SWS_Dcm_01357] d A successful sendKey subfunction request or an expired Secu-

rityDelayTimer shall reset that security level’s specific AttemptCounter. c()

Manager
[SWS_Dcm_01155] d The Dcm shall call Xxx_SetSecurityAttemptCounter() (in case

the configuration parameter DcmDspSecurityAttemptCounterEnabled for the ac-
cording DcmDspSecurityRow is set to TRUE) when the Dcm has changed the attempt
counter to inform the application about the counter change. c()
[SWS_Dcm_CONSTR_6078] Dependency for DcmDspSecuritySetAttempt-
CounterFnc d DcmDspSecuritySetAttemptCounterFnc shall be present only if
DcmDspSecurityUsePort is set to USE_ASYNCH_FNC and the DcmDspSecurity-
AttemptCounterEnabled set to TRUE. c()
7.3.4.12 Manage session state
[SWS_Dcm_00022] d The DSL submodule shall save the state of the current active
session. c(SRS_Diag_04006)
For accessing this variable, the DSL submodule provides interfaces to:
• get the current active session: Dcm_GetSesCtrlType
• set a new session: DslInternal_SetSesCtrlType()
[SWS_Dcm_00034] d During Dcm initialization, the session state is set to the value
0x01 ("DefaultSession"). c(SRS_BSW_00101)
[SWS_Dcm_01062] d The call to Dcm_ResetToDefaultSession allows the appli-
cation to reset the current session to Default session and invokes the mode switch
of the ModeDeclarationGroupPrototype DcmDiagnosticSessionControl by calling
SchM_Switch_<bsnp>_DcmDiagnosticSessionControl(RTE_MODE_DcmDiagnostic
SessionControl_DCM_DEFAULT_SESSION). c()
Example: Automatic termination of an extended diagnostic session upon exceeding of
a speed limit.
7.3.4.13 Manage authentication state
The Dcm provides means for authenticated diagnostics. The DSL sub-module provides
an authentication state per diagnostic connection. It initializes this state upon startup
and takes care about fallback into non-authenticated states if the connection is idle for
some time.
[SWS_Dcm_01477] Authentication state per connection d The Dcm shall provide
an authentication state per configured DcmDslConnection. c(SRS_Diag_04230)
[SWS_Dcm_01478] Mode declaration group per authentication state d The Dcm
shall provide the state of each authentication state via the ModeDeclarationGroupPro-
totype DcmAuthentication_<ConnectionName>. c(SRS_Diag_04230)

Manager
The Dcm maintains an authentication state and mirrors this state to the mode dec-
laration group DcmAuthentication_<ConnectionName>. This mode declaration group
is intended to be changed only by the Dcm, however applications changing this state
have no influence on the Dcm authentication state.
[SWS_Dcm_01479] Authentication states d The Dcm shall support per connection
the two authentication states: c(SRS_Diag_04230)
• deauthenticated
• authenticated
Upon startup, the Dcm is in deauthenticated state or restores the persisted state. A
transition to authenticated state can only be done after the client successfully exe-
cuted the authentication sequence. In some use cases as in production, a frequent
power-on/power off sequence is performed. To keep the achieved authentication state
over the power off, there is a dedicated mode rule requesting the Dcm to persist the
authenticated state.
[SWS_Dcm_01480] Initialization of authentication state d If DcmDspAuthenti-
cationPersistStateModeRuleRef is not configured or the mode rule referenced
by DcmDspAuthenticationPersistStateModeRuleRef is evaluated to false, the
Dcm shall initialize within Dcm_Init all authentication states to deauthenticated state.
c(SRS_Diag_04230)
[SWS_Dcm_01481] Initialization of persisted authentication states d If the mode
rule referenced by DcmDspAuthenticationPersistStateModeRuleRef is eval-
uated to true, the Dcm shall initialize the persisted authentication state including role
and white list on each connection. c(SRS_Diag_04230)
Transitions between authenticated states are controlled by both DSL and DSP sub-
modules. The DSL sub-module is in charge for fallback of authenticated state into
deauthenticated state. The DSP sub-module is in charge for transition changes trig-
gered from a client by diagnostic services.
[SWS_Dcm_01482] Fallback to deauthenticated session on idle connection d The
Dcm shall make a transition from authenticated into deauthenticated state for a config-
ured connection if the following conditions apply:
• The Dcm was in default session when the last diagnostic response was send on
that connection and
• DcmDspAuthenticationDefaultSessionTimeOut is configured
and no valid diagnostic request was received on that connection for
DcmDspAuthenticationDefaultSessionTimeOut seconds after the
last Dcm_TpTxConfirmation on that connection.
c(SRS_Diag_04230)
[SWS_Dcm_01483] Fallback to deauthenticated session on S3server timeout d
If the Dcm is in a non-default session and a S3server timeout occurs, the Dcm

Manager
shall perform a transition from authenticated into deauthenticated state on the au-
thentication state assigned to that connection which was in a non-default session. c
(SRS_Diag_04230)
[SWS_Dcm_01484] Clearing persisted authentication state d If the authentication
state of a connection performs a transition to deauthenticated state, the Dcm shall clear
all persisted authentication information on that connection. c(SRS_Diag_04230)
[SWS_Dcm_01485] Reaction of fallback into deauthenticated state d Upon a tran-
sition from authenticated into deauthenticated state, the Dcm shall discard the current
role, white list and use the configured deauthentication role from DcmDspAuthenti-
cationDeauthenticatedRole. c(SRS_Diag_04230)
In some use cases, it is desirable that the application set the role instead of using
a diagnostic service with its potentially time-consuming certificate parsing. The Dcm
provides the API Dcm_SetDeauthenticatedRole to overwrite the configured deau-
thentication role. The overwritten role is only valid in deauthenticated state will not be
persisted and is overwritten by a role provided by certificates via service 0x29.
[SWS_Dcm_01486] Default authentication role set from SWC d If a connection is
in deauthenticated state and the API Dcm_SetDeauthenticatedRole is called, the
Dcm shall use the provided deauthenticatedRole as new role per deauthenticated state
for this connection. c(SRS_Diag_04230)
[SWS_Dcm_01487] Setting deauthenticated role by SWC only in deauthenticated
state d The Dcm shall process a call of Dcm_SetDeauthenticatedRole only if the
connection is in deauthenticated state. c(SRS_Diag_04230)
[SWS_Dcm_01488] Lifetime of deauthenticated role by SWC d A deauthenticated
role set by Dcm_SetDeauthenticatedRole is discarded when that connection per-
forms a transition authenticated state. c(SRS_Diag_04230)
[SWS_Dcm_01489] No persistency for deauthenticated roles by SWC d At startup
the ECU shall always use the deauthentication state configured in DcmDspAuthen-
ticationDeauthenticatedRole. c(SRS_Diag_04230)
7.3.4.14 Keep track of active non-default sessions
[SWS_Dcm_00140] d Whenever a non-default session is active and when the ses-

sion timeout (S3Server) is reached without receiving any diagnostic request, the DSL
submodule shall reset to the default session state ("DefaultSession", 0x01) and in-
voke the the mode switch of the ModeDeclarationGroupPrototype DcmDiagnosticSes-
sionControl by calling SchM_Switch_<bsnp>_DcmDiagnosticSessionControl(RTE_
MODE_DcmDiagnosticSessionControl_DEFAULT_SESSION) . c()
Note: <bsnp> is the BSW Scheduler Name Prefix
The start / stop of S3Server timeout timer is processed as follows:

Manager
[SWS_Dcm_00141] d
Subsequent start:
• Completion of any final response message or an error indication
(Dcm_TpTxConfirmation: confirmation of complete PDU or indication of
an error)
• Completion of the requested action in case no response message (positive and
negative) is required / allowed.
• Indicates an error during the reception of a multi-frame request mes-
sage.(Dcm_TpRxIndication: indication of an error)
Subsequent stop:
• Start of a multi-frame request message (Dcm_StartOfReception: indicates
start of PDU reception)
• Reception of single-frame request message. (Dcm_StartOfReception: indi-
cates start of PDU reception)
"Start of S3Server" means reset the timer and start counting from the beginning. c()
7.3.4.15 Allow to modify timings
[SWS_Dcm_00027] d The Dcm module shall handle the following protocol tim-
ing parameters in compliance with [4]: P2ServerMin, P2ServerMax, P2*ServerMin,
P2*ServerMax, S3Server c(SRS_Diag_04015)
[SWS_Dcm_00143] d P2min / P2*min and S3Server shall be set to defined values:
P2min = 0ms, P2*min = 0ms, S3Server = 5s. c(SRS_Diag_04015)
These protocol timing parameters have influence on the session layer timing (no influ-
ence on Transport Layer timing). Some of these timing parameters can be modified
while protocol is active with the following means:
• UDS Service DiagnosticSessionControl (0x10)
• UDS Service AccessTimingParameter (0x83)
The DSL submodule provides the following functionalities to modify the timing parame-
ters:
• Provide the active timing parameters,
• Set the new timing parameters. Activation of new timing values is only allowed
after sending the response.

Manager
7.3.4.16 Handling of different diagnostic protocols
It is necessary to distinguish between different diagnostic protocols (e.g. OBD, en-

hanced diagnosis ...).
[SWS_Dcm_01365] d If the API Dcm_GetActiveProtocol is called, the Dcm shall
return the active UDS protocol as Dcm_ProtocolType in the ActiveProtocol pa-
rameter. c(SRS_Diag_04163)
[SWS_Dcm_01366] d If only an OBD protocol or no protocol is started and the API
Dcm_GetActiveProtocol is called, the Dcm shall return with ActiveProtocol pa-
rameter set to DCM_NO_ACTIVE_PROTOCOL. c(SRS_Diag_04163)
Note: The Dcm_GetActiveProtocol API doesn’t supply information about running
OBD protocols.
7.3.4.16.1 Different service tables
For the different protocols a different set of allowed diagnostic services is valid (e.g.
the UDS commands for the enhanced diagnosis, the OBD mode services for the OBD
protocol). It is possible to create different service tables and link them to the diagnostic
protocol.
[SWS_Dcm_00035] d With every protocol initialization, the DSL submodule sets a link
to the corresponding service table (see configuration parameter DcmDslProtocol-
SIDTable). c(SRS_BSW_00101)
The DSD submodule uses this link for further processing of diagnostic requests.
7.3.4.16.2 Prioritization of protocol
The configuration parameter DcmDslProtocolPriority makes it possible to give

each protocol its own relative priority. Possible use case: There are ECUs, communi-
cating with a vehicle-internal diagnostic tester (running on enhanced diagnosis) and a
vehicle-external OBD tester. The OBD communication must have a higher priority than
the enhanced diagnosis.
[SWS_Dcm_00015] d A protocol with higher priority is allowed to preempt the already
running protocol. c(SRS_Diag_04021)
Differentiation of diagnostic protocols is possible, because of different DcmRxPduId
values (configured per protocol, see configuration parameter DcmDslProtocolRxP-
duRef) referenced in the protocol configuration.

Manager
7.3.4.16.3 Preemption of protocol
[SWS_Dcm_00459] d If a running diagnostic request is preempted by a higher

priority request (of another protocol), the DSL submodule shall call all configured
Xxx_StopProtocol() functions (see configuration parameter DcmDslCallbackDCMRe-
questService). c()
[SWS_Dcm_01144] d Protocol preemption can’t be activated with a concurrent Tester-
Present of a higher priority protocol (see also [SWS_Dcm_01146]). c()
[SWS_Dcm_00079] d In order to cancel pending transmission in lower-layer, related to
the lower priority request, the Dcm module shall call PduR_DcmCancelTransmit () with
the following parameters: PduId: the id of the Pdu to be canceled c()
[SWS_Dcm_00460] d When PduR_DcmCancelTransmit() returns E_NOT_OK, the
Dcm module shall assume that the ongoing transmission cannot be cancelled and shall
not retry to cancel the transmit request. The current protocol shall be stopped and the
new one started. c()
[SWS_Dcm_01046] d If a running diagnostic request is preempted by a higher priority
request (of another protocol), the Dcm shall cancel all external pending operations with
Dcm_OpStatus set to DCM_CANCEL c()
[SWS_Dcm_01047] d In case an operation to the Dem is pending and the new request
also requires an interaction with the Dem, the Dcm shall accept the new request and
call the corresponding Dem API with the parameters from the new request. c()
[SWS_Dcm_00575] d In order to cancel pending reception in lower-layer, related to
the lower priority request, the Dcm module shall call PduR_DcmCancelReceive () with
the following parameters: PduId: the id of the Pdu to be canceled c()
[SWS_Dcm_00576] d When PduR_DcmCancelReceive () returns E_NOT_OK, the
Dcm module shall assume that the ongoing reception cannot be cancelled and shall
not retry to cancel the receiverequest. The current protocol shall be stopped and the
new one started. c()
[SWS_Dcm_00625] d A Low-priority or same-priority request can preempt a higher
priority protocol if this higher priority protocol is in default session and no active re-
quest is in execution phase. In this case the DSL submodule shall call all configured
Xxx_StopProtocol() functions (see configuration parameter DcmDslCallbackDCMRe-
questService). c()
[SWS_Dcm_00728] d The handling of protocols with equal priority shall be possible. c
()
[SWS_Dcm_00727] d If a diagnostic request is already running and a second request
(ClientB) can not be processed (e.g.due to priority assessment), the response be-
haviour depends on the configuration option parameter DcmDslDiagRespOnSecond-
DeclinedRequest (see [SWS_Dcm_00914]_Conf). If this configuration parameter is
TRUE, a negative response with NRC 0x21 (BusyRepeatRequest) shall be issued for

Manager
the second request (see [SWS_Dcm_00788] and [SWS_Dcm_00789]). If the configu-

ration parameter is FALSE, no response shall be issued (see [SWS_Dcm_00790]). c
()
[SWS_Dcm_00729] d In case of multiple clients with different PduIDs which are re-
questing the same protocol, as all the connections of the same protocol are having the
same priority, a second request (with the different RxPduId) will not be processed. If the
configuration parameter DcmDslDiagRespOnSecondDeclinedRequest is TRUE, a
negative response with NRC 0x21 (BusyRepeatRequest) shall be issued for the second
request. If the configuration parameter is FALSE, no response shall be issued. c()
[SWS_Dcm_01050] d In case of diagnostic parallel requests, with same / lower pri-
ority than the active request then the ComM APIs (ComM_DCM_ActiveDiagnostic,
ComM_DCM_InactiveDiagnostic) shall not be called. c()
7.3.4.16.4 Parallel OBD and UDS protocol processing
[SWS_Dcm_01367] d The Dcm shall process incoming OBD requests in paral-

lel to a running UDS request. In this case the protocol priority check accord-
ing to [SWS_Dcm_00015] is skipped and no protocol pre-emption is done. c
(SRS_Diag_04163)
With the container DcmDslProtocolRow, the Dcm configuration supports multiple pro-
tocols. Each protocol has a configured DcmDemClientRef defining the Dem client in-
teracting with the Dem. This client Id allows the Dem to distinguish between concurrent
calls of the Dcm of the same function or set of functions to process a certain request.
[SWS_Dcm_01369] d While processing a diagnostic request received from a given
protocol, the Dcm shall determine the DcmDemClientRef of the DcmDslProtocol-
Row of the processed protocol. The Dcm shall use this value in all Dem API calls that
have a ClientId as parameter. c(SRS_Diag_04162)
[SWS_Dcm_01370] d The Dcm shall internally serialise all asynchronous C/S interface
calls by the same port interface between the OBD and UDS protocol processors and
return a pending to the re-entrant caller. c(SRS_Diag_04162)
[SWS_Dcm_01371] d If the Dcm received an OBD request and the Dcm is process-
ing a diagnostic service in a non-default session, the Dcm shall cancel the running
UDS request, make a transition into default session and process the OBD request. c
(SRS_Diag_04162)
[SWS_Dcm_01372] d If the Dcm processes an OBD request and the Dcm is receiving
an UDS diagnostic request to change in a non-default session, the Dcm shall delay the
UDS request until the OBD service is finished according to [SWS_Dcm_01371]. After
the OBD service is finished, the Dcm shall make a transition into the requested non-
default session. c(SRS_Diag_04162)

Manager
7.3.4.16.5 Detection of protocol start
[SWS_Dcm_00036] d With first request of a diagnostic protocol, the DSL submod-

ule shall call all configured Xxx_StartProtocol() functions (see configuration parameter
DcmDslCallbackDCMRequestService). c(SRS_BSW_00101)
Inside this function, the Application can examine the environment conditions and en-
able/disable further processing of the protocol.
[SWS_Dcm_00144] d After all Xxx_StartProtocol() functions have returned E_OK
(meaning all components have allowed the start of the protocol), the default timing
parameters are loaded from the default session configuration (see configuration pa-
rameter DcmDspSessionRow). c(SRS_Diag_04015)
[SWS_Dcm_CONSTR_6000] Harmonize the naming between interfaces and
modes d The shortname of DcmDspSessionRow shall match names of
Dcm_SesCtrlType and of the mode declarations of DcmDiagnosticSessionControl. The
"DCM_" prefix is mandatory for all shortnames. c()
[SWS_Dcm_CONSTR_6001] Provide standardized names for ISO standardized
diagnostic sessions dThe following values of DcmDspSessionLevel which repre-
sent ISO defined diagnostic sessions shall be used for the shortname of DcmDspSes-
sionRow:
1 DCM_DEFAULT_SESSION
2 DCM_PROGRAMMING_SESSION
3 DCM_EXTENDED_DIAGNOSTIC_SESSION
4 DCM_SAFETY_SYSTEM_DIAGNOSTIC_SESSION
c()
(meaning all components have allowed the start of the protocol), the service table is
set (see configuration parameter DcmDslProtocolSIDTable). c()
(meaning all components have allowed the start of the protocol), the security state
is reset. c()
(meaning all components have allowed the start of the protocol), the ses-
sion state is reset to default session. Furthermore the Dcm module shall
invoke the the mode switch of the ModeDeclarationGroupPrototype DcmDiag-
nosticSessionControl by calling SchM_Switch_<bsnp>_DcmDiagnosticSessionCon-
trol(RTE_MODE_DcmDiagnosticSessionControl_DEFAULT_SESSION) . c()
Note: <bsnp> is the BSW Scheduler Name Prefix
[SWS_Dcm_00674] d If Xxx_StartProtocol() doesn’t return E_OK, the Dcm shall return
NRC 0x22. c()

Manager
7.3.4.16.6 Protocol stop
A protocol stop can appear only in case of protocol preemption (see chapter 7.3.4.16.3
Preemption of protocol).
[SWS_Dcm_00624] d With the reception of Dcm_TpTxConfirmation connected to
the response given by the DSL submodule, the Dcm shall not stop the current protocol
(no call to xxx_StopProtocol). c()
Note: A protocol (e.g. OBD) will be active till reset or other protocol preempts.
[SWS_Dcm_01190] d If Xxx_StopProtocol() doesn’t return E_OK, the Dcm shall return
NRC 0x22. c()
7.3.4.17 Manage resources
Due to limited resources, the following points should be considered as hints for the
design:
• It is allowed to use and allocate only one diagnostic buffer in the Dcm module.
This buffer is then used for processing the diagnostic requests and responses.
• Output of NRC 0x78 (Response pending) responses is done with a separate
buffer.
• paged-buffer handling (see [SWS_Dcm_00028]).
7.3.4.18 Communication Mode Handling
Communication Mode Handling is an interface between Dcm and ComM. The ComM
informs the Dcm about the current communication state of a channel. The Dcm is calling
the ComM about active Diagnostic which shall prevent an Ecu shutdown/sleep.
The status ActiveDiagnostic shows if diagnostic requests shall keep the ECU awake
(ActiveDiagnostic ==’DCM_COMM_ACTIVE’) or if diagnostic requests shall not pre-
vent an Ecu shutdown/sleep (ActiveDiagnostic ==’DCM_COMM_NOT_ACTIVE’). Ap-
plication can change the status ActiveDiagnostic regarding to system conditions.
[SWS_Dcm_CONSTR_6027] d The application will inform the Dcm by calling
Xxx_SetActiveDiagnostic() about the ActiveDiagnostic status. c()
[SWS_Dcm_01069] d After Dcm_Init, the Dcm shall set ActiveDiagnostic to
’DCM_COMM_ACTIVE’. c()
[SWS_Dcm_01070] d If Xxx_SetActiveDiagnostic() is called with ’false’ the Dcm set
ActiveDiagnostic to ’DCM_COMM_NOT_ACTIVE’. c()
[SWS_Dcm_01071] d If Xxx_SetActiveDiagnostic() is called with ’true’ the Dcm set
ActiveDiagnostic to ’DCM_COMM_ACTIVE’. c()

Manager
[SWS_Dcm_01142] d The Dcm shall wait the Full Communication mode indication
from the ComM (call to Dcm_ComM_FullComModeEntered) before initiating the trans-
mission of the diagnostic answer. The time to wait should be no longer than the
P2ServerMax calculated from the moment the request was received. c()
[SWS_Dcm_01143] d If the Dcm fails to confirm a response pending transmission
(DCM_E_FORCE_RCRRP) due to [SWS_Dcm_01142], the Dcm shall trigger the Det
error DCM_E_FORCE_RCRRP_IN_SILENT_COMM. c()
Note : On the reception side a silent communication mode can lead to the lost of the
request in case of segmented transmission.
7.3.4.18.1 No Communication
The ComM module will indicate the No Communication Mode to the Dcm module by
calling Dcm_ComM_NoComModeEntered. In response, the Dcm will immediately dis-
able all transmissions (see the definition of Dcm_ComM_NoComModeEntered for de-
tails).
[SWS_Dcm_00148] d Dcm_ComM_NoComModeEntered shall disable all kinds of
transmissions (receive and transmit) of communication. This means that the message
reception and also the message transmission shall be off. c()
[SWS_Dcm_00149] d Dcm_ComM_NoComModeEntered shall disable the Respon-
seOnEvent transmissions. c()
[SWS_Dcm_00150] d Dcm_ComM_NoComModeEntered shall disable the periodicId
transmissions (ReadDataByPeriodicIdentifier). c()
[SWS_Dcm_00151] d Dcm_ComM_NoComModeEntered shall disable normal trans-
missions. c()
[SWS_Dcm_00152] d After Dcm_ComM_NoComModeEntered has been called, the
Dcm module shall not call the function PduR_DcmTransmit(). c()
[SWS_Dcm_01324] d In case Dcm_ComM_NoComModeEntered is called with a Net-
workId for a ComM channel not referenced within the Dcm (see configuration parame-
ter DcmDslProtocolComMChannelRef), the Dcm shall return without performing any
further action. c()
7.3.4.18.2 Silent Communication
The ComM module will indicate the Silent Communication Mode to the Dcm module by
calling Dcm_ComM_SilentComModeEntered. In response, the Dcm will immediately
disable all transmissions (see the definition of Dcm_ComM_SilentComModeEntered
for details).

Manager
[SWS_Dcm_00153] d Dcm_ComM_SilentComModeEntered shall disable all trans-

mission. This means that the message transmission shall be off. c()
[SWS_Dcm_00154] d Dcm_ComM_SilentComModeEntered shall disable the Re-
sponseOnEvent transmissions. c()
[SWS_Dcm_00155] d Dcm_ComM_SilentComModeEntered shall disable the period-
icId transmissions (ReadDataByPeriodicIdentifier) shall be disabled. c()
[SWS_Dcm_00156] d Dcm_ComM_SilentComModeEntered shall disable the normal
transmissions. c()
[SWS_Dcm_01325] d In case Dcm_ComM_SilentComModeEntered is called with a
NetworkId for a ComM channel not referenced within the Dcm (see configuration pa-
rameter DcmDslProtocolComMChannelRef), the Dcm shall return without perform-
ing any further action. c()
7.3.4.18.3 Full Communication
The ComM module will indicate the Full Communication Mode to the Dcm module by
calling Dcm_ComM_FullComModeEntered. In response, the Dcm will enable all trans-
missions (see the definition of Dcm_ComM_FullComModeEntered for details).
[SWS_Dcm_00157] d Dcm_ComM_FullComModeEntered shall enable all kind of
communication. This means that the message reception and also the message trans-
mission shall be on. c()
[SWS_Dcm_00159] d Dcm_ComM_FullComModeEntered shall enable the Respon-
seOnEvent transmissions. c()
[SWS_Dcm_00160] d Dcm_ComM_FullComModeEntered shall enable the periodicId
transmissions (ReadDataByPeriodicIdentifier). c()
[SWS_Dcm_00161] d Dcm_ComM_FullComModeEntered shall enable the normal
transmissions. c()
[SWS_Dcm_00162] d After Dcm_ComM_FullComModeEntered has been called, the
Dcm shall handle the functions DslInternal_ResponseOnOneDataByPeriodicId() or
DslInternal_ResponseOnOneEvent() without restrictions. c()
[SWS_Dcm_01326] d In case Dcm_ComM_FullComModeEntered is called with a
NetworkId for a ComM channel not referenced within the Dcm (see configuration pa-
rameter DcmDslProtocolComMChannelRef), the Dcm shall return without perform-
ing any further action. c()

Manager
7.3.4.18.4 Diagnostic Activation State
The Dcm notifies the ComM module about the internal diagnostic state for all networks.
There are two options for the diagnostic state on a network. In ’active’ diagnostic state,
the Dcm is processing one or more diagnostic requests from this network or the Dcm is
in a non-default session. In ’inactive’ diagnostic state, the Dcm is in default session and
is not processing a diagnostic request on that network.
When a network has no communication in progress, the Dcm will set the diagnostic ac-
tivation state to ’inactive’. When there is a diagnostic communication on a network the
Dcm sets the diagnostic state to ’active’. In any non-default session, the diagnostic state
remains in state ’active’. The communication state can also be controlled by the API
Xxx_SetActiveDiagnostic according to [SWS_Dcm_01070] and [SWS_Dcm_01071].
[SWS_Dcm_01373] d The Dcm shall go into ’active’ diagnostic state on a network, if
a diagnostic request is received on a network or the diagnostic session is changed to
any non-default session. c(SRS_Diag_04006)
[SWS_Dcm_01374] d The Dcm shall go into ’inactive’ diagnostic state on a network
when the current diagnostic request processing is finished and the Dcm is not process-
ing a diagnostic request of another protocol on this network and if the Dcm is in default
session. c(SRS_Diag_04006)
[SWS_Dcm_01375] d The Dcm shall go into ’inactive’ diagnostic state on all networks
if a S3Server timeout occurs and the Dcm makes a transition into default session. c
(SRS_Diag_04006)
[SWS_Dcm_01376] d If ActiveDiagnostic is ’DCM_COMM_ACTIVE’ and the Dcm is
doing a transition into ’active’ diagnostic state of a diagnostic protocol, the Dcm shall
call ComM_DCM_ActiveDiagnostic(NetworkId), with the networkId associated to the
received Pdu (see DcmDslProtocolComMChannelRef), with every request, to in-
form the ComM module about the need to stay in Full Communication Mode. c
(SRS_Diag_04006)
[SWS_Dcm_01377] d Upon a diagnostic state transition into ’inactive’, the Dcm shall
notify the ComM module about an inactive diagnostic state on a network by calling
ComM_DCM_InactiveDiagnostic(NetworkId), with the networkId associated to the re-
ceived Pdu (see DcmDslProtocolComMChannelRef). c(SRS_Diag_04006)
[SWS_Dcm_01378] d The definition of a finished diagnostic request according to
[SWS_Dcm_01374], shall be as follows:
• the Dcm has sent a positive or negative response unequal to NRC 0x78 by receiv-
ing the Dcm_TpTxConfirmation connected to the response given by the DSL
submodule
• the Dcm has processed the service with SPRMIB=true and the positive response
was suppressed
• in case of functional addressing, the Dcm has processed the service and the
negative response was suppressed.

Manager
c(SRS_Diag_04006)
7.4 Diagnostic Service Dispatcher (DSD)
7.4.1 Introduction
The DSD submodule is responsible to check the validity of an incoming diagnostic re-
quest (Verification of Diagnostic Session/Security Access levels/Application permis-
sion) and keeps track of the progress of a service request execution.
[SWS_Dcm_00178] d The DSD submodule shall only process valid requests and shall
reject invalid ones. c()
7.4.2 Use cases
The following use cases are relevant and are described in detail in the following:
• Receive a request message and transmit a positive response message
• Receive a request message and suppress a positive response
• Receive a request message and suppress a negative response
• Receive a request message and transmit a negative response message
• Send a positive response message without corresponding request
• Segmented Responses
7.4.2.1 Receive a request message and transmit a positive response message
This is the standard use case of normal communication ("ping-pong"). The server
receives a diagnostic request message. The DSD submodule ensures the validity of
the request message. In this use case, the request is valid and the response will be
positive. The request will be forwarded to the appropriate data processor in the DSP
submodule. When the data processor has finished all actions of data processing, it
triggers the transmission of the response message by the DSD submodule.
If the data processor processes the service immediately as part of the request indica-
tion function, the data processor can trigger the transmission inside this indication func-
tion ("synchronous"). If the processing takes a longer time (e. g. waiting on EEPROM
driver), the data processor defers some processing ("asynchronous"). The response
pending mechanism is covered by the DSL submodule. The data processor triggers
the transmission explicitly, but from within the data processor’s context.

Manager
As soon as a request message is received, the corresponding DcmPduId is blocked by

the DSL submodule (see [SWS_Dcm_00241]). During the processing of this request,
no other request of the same protocol type (e.g. an enhanced session can be ended
by a OBD session) can be received, until the corresponding response message is sent
and the DcmPduId is released again.
7.4.2.2 Receive a request message and suppress a positive response
This is a sub-use-case of the previous one. Within the UDS protocol it is possible
to suppress the positive response by setting a special bit in the request message
(see [SWS_Dcm_00200]). This special suppression handling is completely performed
within the DSD submodule.
7.4.2.3 Receive a request message and suppress a negative response
In case of functional addressing the DSD submodule shall suppress the negative re-
sponse for NRC 0x11, 0x12, 0x31, 0x7E and 0x7F (see [SWS_Dcm_00001]).
7.4.2.4 Receive a request message and transmit a negative response message
There are a many different reasons why a request message is rejected and a negative
response is to be sent. If a diagnostic request is not valid or if a request may not be
executed in the current session, the DSD submodule will reject the processing and a
negative response will be returned.
But there are even many reasons to reject the execution of a well-formed request mes-
sage, e.g. if the ECU or system state does not allow the execution. In this case, the
DSP submodule will trigger a negative response including an NRC supplying additional
information why this request was rejected.
In case of a request composed of several parameters (e.g. a UDS Service Read-
DataByIdentifier (0x22) request with more than one identifier to read), each parameter
is treated separately. And each of these parameters can return an error. This kind of
request returns a positive response if at least one of the parameters was processed
successfully.
[SWS_Dcm_00827] d The DSD sub-module shall check the received diagnostic re-
quest in the order given by ISO14229-1 [1]. If one of the computations failed the Dcm
shall stop the execution of the NRC check sequence then stop or do not start the ex-
ecution of the received diagnostic request and finally transmit the NRC for which the
computation failed. c()

Manager
7.4.2.5 Send a positive response message without corresponding request
There are two services within the UDS protocol, where multiple responses are sent for
only one request. In general, one service is used to enable (and disable) an event- or
time-triggered transmission of another service, which again is sent by the ECU without
a corresponding request (see ISO14229-1 [1]). These services are:
• UDS Service ReadDataByPeriodicIdentifier (0x2A). This service allows the client
to request the periodic transmission of data record values from the server identi-
fied by one or more periodicDataIdentifiers.
Type 2 = UUDT message on a separate DcmTxPduId.
• ResponseOnEvent (0x86). This service requests a server to start or stop trans-
mission of responses on a specified event.
Type 1 = USDT messages on the DcmTxPduId already used for normal diagnos-
tic responses,
Type 2 = USDT messages on separate DcmTxPduId.
For Type 1, the outgoing messages must be synchronized with "normal outgoing
messages", which have a higher priority.
This handling is especially controlled by the DSL submodule. However, the DSD sub-
module also provides the possibility to generate a response without a corresponding
request.
7.4.2.6 Segmented Responses (paged-buffer)
Within the diagnostic protocol, some services allow to exchange a significant amount
of data, e.g. UDS Service ReadDTCInformation (0x19) and UDS Service TransferData
(0x36).
In the conventional approach, the ECU internal buffer must be large enough to keep
the longest data message which is to be exchanged (worst-case) and the complete
buffer is filled before the transmission is started.
RAM memory in an ECU often is a critical resource, especially in smaller micros. In
a more memory-saving approach, the buffer is filled only partly, transmitted partly and
then refilled partly - and so on. This paging mechanism requires only a significantly re-
duced amount of memory, but demands a well-defined reaction time for buffer refilling.
The user can decide whether to use the "linear buffer" or paged-buffer for diagnostics.

Manager
7.4.3 Interaction of the DSD with other modules
The DSD submodule is called by the DSL submodule when receiving a diagnostic mes-
sage and performs the following operations:
• delegates processing of request to the DSP submodule or external modules out-
side the Dcm
• keeps track of request processing (Return the status on <Module>_<Diagnos-
ticService>() and <Module>_<DiagnosticService>_<SubService>() APIs call or
"Service Interpreter calls")
• transmits the response of the Application to the DSL submodule (Transmit func-
tionality)
7.4.3.1 Interaction of the DSD with the DSL main functionality
Direction Explanation
Bidirectional Exchange of the Diagnostic Messages (receive/transmit).
DSD submodule to DSL Obtain latest diagnostic session and latest security level.
submodule
DSL submodule to DSD Confirmation of transmission of Diagnostic Message.
submodule
Table 7.5: Interaction between the DSD submodule and the DSL submodule
7.4.3.2 Interaction of the DSD with the DSP
Direction Explanation
DSD submodule to DSP - Delegate processing of request.
submodule - Confirmation of transmission of Diagnostic Message.
DSP submodule to DSD - Signal that processing is finished.
submodule
Table 7.6: Interaction of the DSD with the DSP
7.4.4 Functional Description of the DSD
7.4.4.1 Support checking the diagnostic service identifier and adapting the di-
agnostic message
The DSD submodule shall be triggered by the DSL submodule if a new diagnostic mes-
sage is recognized. The DSD submodule will start processing by analyzing the diag-
nostic service identifier contained in the received diagnostic message.

Manager
[SWS_Dcm_00084] d If configured (configuration parameter DcmRespondAllRe-

quest=FALSE), if the Dcm module receives a diagnostic request that contains a ser-
vice ID that is in the range from 0x40 to 0x7F or in the range from 0xC0 to 0xFF, the
Dcm shall not respond to such a request. c()
This range corresponds to the diagnostic response identifier.
[SWS_Dcm_00192] d The DSD submodule shall analyze the (incoming) diagnostic
message for the diagnostic service identifier (based on first byte of the diagnostic
message) and shall check the supported services with the newly received diagnos-
tic service identifier. c()
[SWS_Dcm_00193] d During this check, the DSD submodule shall search the newly
received diagnostic service identifier in the "Service Identifier Table". c()
For performance reasons it might be necessary that the support check is done with a
"lookup table" functionality. In this "Service Identifier Table" all supported Service IDs
of the ECU are predefined.
[SWS_Dcm_00195] d The DSL submodule shall provide the current "Service Identifier
Table" c()
Rationale for [SWS_Dcm_00195]: The "Service Identifier Table" and the information
about the supported services will be generated out of the configuration. More than one
Service Identifier Table can be configured for selection. At one time only one Service
Identifier Table can be active.
[SWS_Dcm_00196] d For the check, the DSD submodule shall scan the active "Ser-
vice Identifier Table" for a newly received diagnostic service identifier. If this service
identifier is supported and if the configuration parameter DcmDsdSidTabFnc (see
ECUC_Dcm_00777) is not empty, the DSD submodule shall call the configured service
interface (<Module>_<DiagnosticService>). If the configuration parameter is empty,
the Dcm shall call the internally implemented service interface. c()
The diagnostic service identifier is not supported when it is not included in the "Service
Identifier Table".
[SWS_Dcm_00197] d If the newly received diagnostic service identifier is not sup-
ported, the DSD submodule shall transmit a negative response with NRC 0x11 (Service
not supported) to the DSL submodule. c()
[SWS_Dcm_00198] d The DSD submodule shall store the newly received diagnostic
service identifier for later use. c()
For example: WriteDataByIdentifier (for writing VIN number):
1. A new diagnostic message is received by the DSL submodule. (Diagnostic Mes-
sage WriteDataByIdentifier = 0x2E, 0xF1, 0x90, 0x57, 0x30, 0x4C, 0x30, 0x30,
0x30, 0x30, 0x34, 0x33, 0x4D, 0x42, 0x35, 0x34, 0x31, 0x33, 0x32, 0x36)

Manager
2. The DSL submodule indicates a new diagnostic message with the "Data Indica-
tion" functionality to the DSD submodule. In the diagnostic message buffer the
diagnostic message is stored (buffer = 0x2E,0xF1,0x90,..).
3. The DSD submodule executes a check of the supported services with the de-
termined service identifier (first byte of buffer 0x2E) on the incoming diagnostic
message.
4. The incoming diagnostic message is stored in the Dcm variable
Dcm_MsgContextType.
[SWS_Dcm_CONSTR_6047] d Id of the Service identifier configured in DcmDsd-
SidTabServiceId shall be unique within one DcmDsdServiceTable. c()
[SWS_Dcm_00732] d For the first call of <Module>_<DiagnosticService> the opStatus
shall be set to DCM_INITIAL c()
[SWS_Dcm_00733] d The Dcm shall not accept further requests (on same or lower
priority) while <Module>_<DiagnosticService>() returns DCM_E_PENDING. Dcm-
internal timeout handling (based on RCR-RP limitation) may lead to a cancellation
of the external diagnostic service processing. c()
[SWS_Dcm_00735] d In case of cancellation the API <Module>_<DiagnosticService>
is called again with the parameter opStatus set to DCM_CANCEL c()
7.4.4.2 Handling of "suppressPosRspMsgIndicationBit"
The "suppressPosRspMsgIndicationBit" is part of the subfunction parameter structure

(Bit 7 based on second byte of the diagnostic message, see ISO14229-1 [1] Section
6.5: Server response implementation rules).
[SWS_Dcm_00200] d If the "suppressPosRspMsgIndicationBit" is TRUE, the DSD sub-
module shall NOT send a positive response message. c(SRS_Diag_04020)
[SWS_Dcm_00201] d The DSD submodule shall remove the "suppressPosRspMs-
gIndicationBit" (by masking the Bit) from the diagnostic message. c()
[SWS_Dcm_00202] d The Dcm module shall transport the information on a sup-
pression of a positive response being active (between the layers) via the parameter
Dcm_MsgContextType. c()
[SWS_Dcm_00203] d In case of responsePending the Dcm module shall clear the "sup-
pressPosRspMsgIndicationBit." c()
Rationale for [SWS_Dcm_00203]: In the described case the final response (negative/-
positive) is required.
[SWS_Dcm_00204] d The Dcm module shall only perform the "suppressPosRspMs-
gIndicationBit" handling when the configuration parameter DcmDsdSidTabSubfun-
cAvail is set for the newly received service identifier c()

Manager
Note: The "suppressPosRspMsgIndicationBit" handling needs to be considered inde-

pendent of the processing order in the request (like for RoutineControl service).
Rationale for [SWS_Dcm_00204]: The "suppressPosRspMsgIndicationBit" is only
available if a service has a subfunction.
7.4.4.3 Verification functionality
Prior of execution of a received diagnostic service, the DSD performs a set of verifica-
tions. The DSD will only accept a service, if all verifications are successfully passed.
[SWS_Dcm_01535] DSD verifications prior of service execution d The Dcm shall
only accept a diagnostic request, if the following verifications have been passed in the
following order: c(SRS_Diag_04230, SRS_Diag_04005, SRS_Diag_04006)
1. Verification of Manufacturer permission (Call of the manufacturer interface indi-
cation operation)
2. Verification of the SID
3. Verification of the service access control on the current authentication state
4. Verification of the Diagnostic Session
5. Verification of the Service Security Access levels
6. Verification of the Supplier permission (Call of the Supplier interface indication
operation)
7. Verification of the Mode rules for service IDs.
[SWS_Dcm_01474] d In case the DSD generates a NRC, the Dcm shall only call
XXX_Confirmation. c(SRS_Diag_04019)
This means that the Dcm will not call DspInternal_DcmConfirmation().
7.4.4.3.1 Verification of the diagnostic service access rights
The UDS service Authentication (0x29) is used to change the authentication state of a
diagnostic connection and to provide the access rights. Depending on the reached role
and provided white list a dynamic set of diagnostic services is available for the tester
on that connection. The DSD submodule verifies on service ID (SID) and sub-function
(SF) level, if a service can be executed or not.
[SWS_Dcm_01536] Authentication on UDS services only d The Dcm shall only ver-
ify the authentication for UDS services. A UDS service has a service ID within the
range of 0x10 and 0xFF. c(SRS_Diag_04230)
OBD services are explicitly excluded from authentication checks. By legislation the
OBD services need to be always available, independent from active authentication

Manager
state. If WWH-OBD is used the system engineer must ensure that these services are
always accessible.
[SWS_Dcm_01537] Verifying access rights d The Dcm shall only verify and check
the configured access rights of a diagnostic service, if the container DcmDspAuthen-
tication is configured. c(SRS_Diag_04230)
If no DcmDspAuthentication is configured, the Dcm will process all diagnostic services
as if the current connection would grant access to execute the current processed ser-
vice. Checking the access rights for diagnostic services is done at different levels of
the service structure. The use of diagnostic service access rights introduces means to
allow or to refuse a diagnostic service due to current roles and authentication states.
Some services shall always be allowed to be executed, like the service 0x29 (Authen-
tication) to set the current tester access rights. This service and other OEM or sup-
plier specific services should have granted access independent from the authentication
state. To realize this, the Dcm uses a default role that is used in all deauthenticated
states. In that state, all role based verifications are done as in authenticated state. The
active role is provided by the configuration.
[SWS_Dcm_01538] Access rights for services in deauthenticated state d If the
current connection is in deauthenticated state, the Dcm shall use the role configured
in DcmDspAuthenticationDeauthenticatedRole as current role for all role based access
verification checks. c(SRS_Diag_04230)
[SWS_Dcm_01539] Definition of allowed service execution d The Dcm shall allow
the service execution, if a role verification was successful or the service is allowed by
the white list. c(SRS_Diag_04233)
[SWS_Dcm_01540] Diagnostic service execution rights verification d The Dcm
shall check if a service execution is permitted in the current authentication check or
not. The Dcm shall perform the following checks in the given order below. If a check
grants access to a service, the remaining checks are skipped:
1. Checks on service ID level
2. Checks on service ID and sub-function level
3. Checks for services with one or multiple DIDs
4. Check on dynamically defined DIDs
5. Checks on service 0x31 per sub-function
6. Checks on service 0x19 parameter MemorySelection
c(SRS_Diag_04233)
[SWS_Dcm_01541] Service ID authentication check for UDS service requests d
Upon processing a diagnostic service, the Dcm shall grant access to the diagnostic
service if:

Manager
1. a DcmDsdServiceRole is configured for that service and the verification accord-

ing to [SWS_Dcm_01522] was successful or
2. the active white list on that connection has one entry for a SID (1-byte element)
which matches that service.
c(SRS_Diag_04233)
[SWS_Dcm_01542] Service with sub-function authentication check for UDS ser-
vice requests d Upon processing a diagnostic service with sub-function, the Dcm shall
grant access to the diagnostic service if:
1. a DcmDsdSubServiceRole is configured for that service and sub-function and the
verification according to [SWS_Dcm_01522] was successful or
2. the active white list on that connection has one entry for a SID with sub-function
(2-byte element) that matches that service and sub-function.
c(SRS_Diag_04233)
[SWS_Dcm_01543] d For 3 and 4 bytes white list for services entries, the Dcm shall
verify on the full length of the configured white list service element. The service is
granted access if the first bytes of the received request match the entire white list
entry. c()
[SWS_Dcm_01562] White list verification for services with 3 and 4 bytes d For 3
and 4 bytes white list for services entries, the Dcm shall verify on the full length of the
configured white list service element. The service is granted access if the first bytes of
the received request match the entire white list entry. c(SRS_Diag_04233)
Verification of byte 3 and 4 within the Dsd is beyond the scope of a typical Dsd opera-
tion. It provides means to extend the capabilities of white list service verifications and
gives means to adapt to legacy authentication solutions.
[SWS_Dcm_01544] Response behavior of services without access rights d If the
service execution verification fails due to a failed check in scope of [SWS_Dcm_01483],
the Dcm shall send a NRC 0x34 authenticationRequired and stop the service process-
ing. c(SRS_Diag_04230)
7.4.4.3.2 Verification of the Diagnostic Session
The UDS Service DiagnosticSessionControl (0x10) is used to enable different diagnos-

tic sessions in the ECU (e.g. Default session, Extended session). A diagnostic session
enables a specific set of diagnostic services and/or functionality in the ECU. It further-
more enables a protocol-depending data set of timing parameters applicable to the
started session.

Manager
On receiving a service request, the DSD module will obtain the current Diagnostic
Session with Dcm_GetSesCtrlType and will verify whether the execution of the re-
quested service (NOT the UDS Service DiagnosticSessionControl (0x10)) and sub-
service is allowed in the current diagnostic session or not.
Note that the handling of the UDS Service DiagnosticSessionControl (0x10) itself is not
part of the DSD submodule.
[SWS_Dcm_00211] d If the newly received diagnostic service is not allowed in the cur-
rent Diagnostic Session (according to the configuration parameter DcmDsdSidTab-
SessionLevelRef), the DSD submodule shall transmit a negative response with NRC
0x7F (serviceNotSupportedInActiveSession) to the DSL submodule. c()
[SWS_Dcm_00616] d If the newly received diagnostic service is allowed in the current
Diagnostic Session ( see [SWS_Dcm_00211]), but the requested subservice is not
allowed in the current Diagnostic Session (according to the configuration parameter
DcmDsdSubServiceSessionLevelRef), the DSD submodule shall transmit a neg-
ative response with NRC 0x7E (subFunctionNotSupportedInActiveSession) to the DSL
submodule. c()
7.4.4.3.3 Verification of the Service Security Access levels
The purpose of the Security Access level handling is to provide a possibility to access
data and/or diagnostic services, which have restricted access for security, emissions, or
safety reasons. The DSD submodule shall perform this handling with the UDS Service
SecurityAccess (0x27). The DSD submodule will perform a verification whether the
execution of the requested service (NOT the UDS Service SecurityAccess (0x27)) is
allowed in the current Security level by asking for the current security level, using the
DSL function Dcm_GetSecurityLevel.
The management of the security level is not part of the DSD submodule.
Note: For some use cases (e.g. UDS Service ReadDataByIdentifier (0x22), where
some DataIdentifier can be secure) it will be necessary for the Application to call also
the function Dcm_GetSecurityLevel.
[SWS_Dcm_00217] d If the newly received diagnostic service is not allowed in the
current Security level (according to the configuration parameter DcmDsdSidTabSe-
curityLevelRef), the DSD submodule shall transmit a negative response with NRC
0x33 (Security access denied) to the DSL submodule. c()
[SWS_Dcm_00617] d If the newly received diagnostic service is allowed in the current
Security level ( see [SWS_Dcm_00217]), but the requested subservice is not allowed in
the current Security level (according to the configuration parameter DcmDsdSubSer-
viceSecurityLevelRef), the DSD submodule shall transmit a negative response
with NRC 0x33 (Security access denied) to the DSL submodule. c()

Manager
7.4.4.3.4 Verification of the Service mode dependencies
[SWS_Dcm_00773] d If the newly received diagnostic service is not allowed in the

current mode condition (according to the configuration parameter DcmDsdSidTab-
ModeRuleRef), the DSD submodule shall transmit the calculated negative response
of the referenced DcmModeRule to the DSL submodule. c()
[SWS_Dcm_00774] d If the newly received diagnostic service is allowed in the cur-
rent mode condition [SWS_Dcm_00773], but the requested subservice is not allowed
in the current mode condition (according to the configuration parameter DcmDsdSub-
ServiceModeRuleRef), the DSD submodule shall transmit the calculated negative
response of the referenced DcmModeRule to the DSL submodule. c()
7.4.4.4 Check format and subfunction support
The DSD submodule checks whether a specific subfunction is supported before exe-
cuting the requested command.
[SWS_Dcm_00273] General sub-function supported NRC check d The DSD shall
send the negative response NRC 0x12 (sub-functionNotSupported ), if for the pro-
cessed service no configured DcmDsdSubService exists with the DcmDsdSubSer-
viceId of the processed service. This NRC check shall not be done for UDS Service
0x31 (RoutineControl). c()
The DSD submodule will check for the minimum message length before executing the
requested command.
[SWS_Dcm_00696] d The DSD submodule shall trigger a negative response with NRC
0x13 (Incorrect message length or invalid format), if the length of the request is inferior
to the minimum length of the request. c()
[SWS_Dcm_01411] d If DcmDsdSubService is configured for a DcmDsdService,
the Dcm shall support the sub-function configured in DcmDsdSubServiceId with
SPRMIB set to 0 or 1. c()
7.4.4.4.1 Verification of the Manufacturer Application environment/permission
The purpose of this functionality is that, just after receiving the diagnostic request, the
Manufacturer Application is requested to check permission/environment.
E.g. in after-run ECU state, it might be not allowed to process OBD requests.
[SWS_Dcm_00218] d If container DcmDsdServiceRequestManufacturerNoti-
fication exists, the DSD submodule shall call the operation Xxx_Indication on
all configured ServiceRequestIndication ports (see configuration parameter DcmDsd-
ServiceRequestManufacturerNotification). c()

Manager
[SWS_Dcm_00462] d If at least a single Xxx_Indication function called according

to [SWS_Dcm_00218] returns E_REQUEST_NOT_ACCEPTED, the DSD submodule
shall give no response. c()
[SWS_Dcm_01172] d In case of [SWS_Dcm_00462], the DSD shall only call
Xxx_Confirmation but not DspInternal_DcmConfirmation. c()
[SWS_Dcm_00463] d If at least a single Xxx_Indication function called accord-
ing to [SWS_Dcm_00218] has returned E_NOT_OK and no function has returned
E_REQUEST_NOT_ACCEPTED, the DSD submodule shall trigger a negative re-
sponse with NRC from the ErrorCode parameter. c()
[SWS_Dcm_01321] d If more than one Xxx_Indication function called, accord-
ing to [SWS_Dcm_00218], has returned E_NOT_OK and no function has returned
sponse using the ErrorCode parameter from the first Xxx_Indication returning
E_NOT_OK. c(SRS_Diag_04011)
7.4.4.4.2 Verification of the Supplier Application environment/permission
The purpose of this functionality is that, right before processing the diagnostic mes-
sage, the Supplier Application is requested to check permission/environment.
E.g. in after-run ECU state, it might be not allowed to process OBD requests.
[SWS_Dcm_00516] d If container DcmDsdServiceRequestSupplierNotifica-
tion exists, the DSD submodule shall call the operation Xxx_Indication on all
configured ServiceRequestIndication ports (see configuration parameter DcmDsdSer-
viceRequestSupplierNotification). c()
[SWS_Dcm_00517] d If at least a single Xxx_Indication function called according
to [SWS_Dcm_00516] returns E_REQUEST_NOT_ACCEPTED, the DSD submodule
shall give no response. c()
[SWS_Dcm_00518] d If at least a single Xxx_Indication function called accord-
ing to [SWS_Dcm_00516] has returned E_NOT_OK and no function has returned
sponse with NRC from the ErrorCode parameter. c()
[SWS_Dcm_01322] d If more than one Xxx_Indication function called, accord-
ing to [SWS_Dcm_00516], has returned E_NOT_OK and no function has returned
sponse using the ErrorCode parameter from the first Xxx_Indication returning
E_NOT_OK. c(SRS_Diag_04011)

Manager
7.4.4.5 Distribution of diagnostic message to DSP submodule
[SWS_Dcm_00221] d The DSD submodule shall search for the executable functionality
of the DSP submodule for newly received diagnostic service identifier and shall call the
corresponding DSP service interpreter. c()
7.4.4.6 Assemble positive or negative response
[SWS_Dcm_00222] d When the DSP submodule has finished the execution of the re-
quested Diagnostic Service the DSD submodule shall assemble the response. c()
The execution of the DSP service interpreter can have the results:
• positive Result or
• negative Result.
Following possible Responses can be assembled:
• positive Response,
• negative Response, or
• no Response (in the case of suppression of responses).
7.4.4.6.1 Positive Response
[SWS_Dcm_00223] d The DSD submodule shall add the response service identi-
fier and the response data stream (returned by the Application) in the parameter
"Dcm_MsgContextType". c()
[SWS_Dcm_00224] d The DSD submodule shall therefore transfer the
Dcm_MsgContextType into a (response) buffer and shall add the service identi-
fier at the first byte of the buffer. c()
[SWS_Dcm_00225] d The DSD submodule shall execute the "Initiate transmission"
functionality in the next execution step. c()
7.4.4.6.2 Negative Response
The DSP submodule can trigger the transmission of a negative response with a specific
NRC to the DSD submodule. For the allowed NRC of the executed Service ID please
refer to the specification of the service in ISO14229-1 [1] (see Section 4.2.4 Response
code parameter definition Table 12) and ISO15031-5 [2]. The DSP and the Application
have to take care of the correct use of NRC of the executed Service ID.

Manager
[SWS_Dcm_00228] d The DSD submodule shall handle all NRCs supported from the
Application and defined in Dcm_NegativeResponseCodeType. c()
7.4.4.6.3 Suppression of response
[SWS_Dcm_00231] d In the case that the "suppressPosRspMsgIndicationBit" is in-

dicated in the functionality "Handling of suppressPosRspMsgIndicationBit" (stored in
the Variable Dcm_MsgContextType (Element: Dcm_MsgAddInfo)), the DSD submod-
ule shall activate the suppression of Positive Responses. c()
[SWS_Dcm_00001] d In the case of a Negative Result of the execution and active
Functional Addressing the DSD submodule shall activate the suppression of the
following Negative Responses:
• NRC 0x11 (Service not supported),
• NRC 0x12 (SubFunction not supported),
• NRC 0x31 (Request out of range),
• NRC 0x7E (Subfunction not supported in active session),
• NRC 0x7F (Service not supported in active session)
c(SRS_Diag_04020)
7.4.4.7 Initiate transmission
[SWS_Dcm_00232] d The DSD submodule shall forward the diagnostic (response)

message (positive or negative response) to the DSL submodule. c()
[SWS_Dcm_00237] d The DSL submodule shall forward the diagnostic (response)
message (positive or negative response) further to the PduR module by executing a
DSL transmit functionality. c()
The DSL submodule will receive a confirmation by the PduR module upon forwarding
the data.
[SWS_Dcm_00235] d The DSL submodule shall forward the received confirmation
from the PduR module to the DSD submodule. c()
[SWS_Dcm_00236] d The DSD submodule shall forward the confirmation via the inter-
nal function DspInternal_DcmConfirmation() to the DSP submodule. c()
[SWS_Dcm_00238] d In the case that no diagnostic (response) message shall be sent
(Suppression of Responses) the DSL submodule shall not transmit any response. c()
In this case no Data Confirmation is sent from the DSL submodule to the
DSD submodule but the DSD submodule will still call internal function DspInter-
nal_DcmConfirmation().

Manager
[SWS_Dcm_00240] d In case the request has been fully processed by the Dcm, The
DSD submodule shall finish the processing of one Diagnostic Message of the Diagnos-
tic Service Dispatcher by calling DspInternal_DcmConfirmation(). c()
Rationale for [SWS_Dcm_00240]: The DSP submodule is waiting for the execution of
the DspInternal_DcmConfirmation() functionality. So it has to be sent, also when no
Data Confirmation is provided. Altogether this means that in any of the following cases:
• Positive Response,
• Negative Response,
• Suppressed Positive Response, and
• Suppressed Negative Response
The DSD submodule will finish by calling DspInternal_DcmConfirmation() (refer to
8.10.3 DspInternal_DcmConfirmation).
[SWS_Dcm_00741] d The DSD submodule shall call the operation Xxx_Confirmation()
on all ports using the ServiceRequestNotification interface (see configuration param-
eter DcmDsdServiceRequestManufacturerNotification and DcmDsdSer-
viceRequestSupplierNotification) c()
[SWS_Dcm_00742] d The call of Xxx_Confirmation() shall be done right after the call
of DspInternal_DcmConfirmation() c()
[SWS_Dcm_00677] d If the operation Indication() returns value
E_REQUEST_NOT_ACCEPTED, the Dcm module shall not send any diagnostic
response and shall end the current diagnostic request management. c()
[SWS_Dcm_00678] d If the operation Indication() returns value E_NOT_OK, the Dcm
module shall send a negative response with NRC value equal to ErrorCode parameter
value. c()
7.5 Diagnostic Service Processing (DSP)
7.5.1 General
When receiving a function call from the DSD submodule requiring the DSP submodule
to process a diagnostic service request, the DSP always carries out following basic
process steps:
• analyze the received request message,
• check format and whether the addressed subfunction is supported,
• acquire data or execute the required function call on the DEM, SW-Cs or other
BSW modules
• assemble the response

Manager
The following sections are some general clarifications.
7.5.1.1 Check format and subfunction support
The DSP submodule will check for appropriate message length and structure before
executing the requested command.
[SWS_Dcm_00272] d The DSP submodule shall trigger a negative response with NRC
0x13 (Incorrect message length or invalid format), when the analysis of the request
message results in formatting or length failure. c()
Note: It is up to the implementation in which detail the format check might be executed
and depends on the level of detail the diagnostic data description provides at compile
time.
7.5.1.2 Assemble response
[SWS_Dcm_00039] d The DSP submodule shall assemble the response message ex-
cluding response service identifier and determine the response message length. c
()
[SWS_Dcm_00038] d If the paged-buffer mechanism is used, the DSP submodule shall
determine the overall response length before any data is passed to the DSD submodule
or the DSL submodule respectively. c()
Requirement [SWS_Dcm_00038] is needed because of segmented diagnostic data
transmission on CAN using ISO15765-2 [12], which requires the provision of the over-
all length of the complete data stream in the very first CAN frame of the respective
data transmission (please refer to Section 7.3.4.9 for details about the paged-buffer
mechanism).
7.5.1.3 Negative Response Codes handling
[SWS_Dcm_00271] d Unless another particular NRC is specified,the DSP submodule

shall trigger a negative response with NRC 0x10 (generalReject), when the API calls
made to execute the service do not return OK. c()
[SWS_Dcm_01414] Accepted range of Dcm_NegativeResponseCodeType for
negative responses d If the Dcm calls an external application by any of the APIs hav-
ing the out parameter Dcm_NegativeResponseCodeType ErrorCode, the Dcm shall
accept only values in the range 0x01-0xFF in case the return value is E_NOT_OK. c()
[SWS_Dcm_01415] Behavior on application returning unexpected return code d
If the Dcm calls an API with the out parameter Dcm_NegativeResponseCodeType

Manager
ErrorCode and the application sets this parameter to DCM_POS_RESP and E_NOT_OK
is returned, the Dcm shall report the runtime error DCM_E_INVALID_VALUE. c()
[SWS_Dcm_00275] d The DSP submodule shall trigger a negative response with NRC
0x31 (Request out of range), when the analysis of the request message results in other
unsupported message parameters. c()
7.5.1.4 Diagnostic mode declaration groups
[SWS_Dcm_00775] d The Dcm shall act as a mode manager for the diagnostic modes:
1. DcmDiagnosticSessionControl (service 0x10)
2. DcmEcuReset (partly service 0x11)
3. DcmSecurityAccess (service 0x27)
4. DcmModeRapidPowerShutDown (partly service 0x11)
5. DcmCommunicationControl_<symbolic name of ComMChannelId>. (service
0x28)
6. DcmControlDTCSetting (service 0x85)
7. DcmResponseOnEvent_<RoeEventID> (service 0x86)
8. DcmAuthenticationState_<Symbolic Name of DcmDslMainConnection>
c()
Note: The RTE/SchM will prefix the names with "MODE_", wherefore the names do
not include the MODE keyword.
[SWS_Dcm_01327] d The Dcm shall define the ModeDeclarationGroupPrototype
DcmSecurityAccess as provided-ModeGroup based on the following ModeDeclara-
tionGroup:
1 ModeDeclarationGroup DcmSecurityAccess {
2 {
3 DCM_SEC_LEV_LOCKED
4 DCM_SEC_LEV_1
5 ...
6 DCM_SEC_LEV_63
7 }
8 initialMode = DCM_SEC_LEV_LOCKED
9 };
c()
[SWS_Dcm_01328] d
1 ModeSwitchInterface SchM_Switch_<bsnp>_DcmSecurityAccess {
2 isService = true;
3 SecLevel currentMode;
4 };

Manager
c()
DcmDiagnosticSessionControl as provided-ModeGroup based on the ModeDeclara-
tionGroup DcmDiagnosticSessionControl. c()
DcmEcuReset as provided-ModeGroup in its Basic Software Module instance based
on the ModeDeclarationGroup DcmEcuReset. c()
[SWS_Dcm_00807] d The Dcm shall define the ModeDeclarationGroupPrototype Dcm-
ModeRapidPowerShutDown as provided-ModeGroup in its Basic Software Module in-
stance based on the ModeDeclarationGroup DcmModeRapidPowerShutDown. c()
[SWS_Dcm_00780] d The Dcm shall define for each network which is consid-
ered in the CommunicationControl service a separate ModeDeclarationGroupProto-
type DcmCommunicationControl_<symbolic name of ComMChannelId> as provided-
ModeGroup in its Basic Software Module instance based on the ModeDeclara-
tionGroup DcmCommunicationControl. c()
[SWS_Dcm_00781] d The Dcm shall define the ModeDeclarationGroupPrototype Dcm-
ControlDTCSetting as provided-ModeGroup in its Basic Software Module instance
based on the ModeDeclarationGroup DcmControlDTCSetting. c()
[SWS_Dcm_00933] d The Dcm shall define for each RoeEvent a separate ModeDec-
larationGroupPrototype DcmResponseOnEvent_<Symbolic name of RoeEventId> as
provided-ModeGroup in its Basic Software Module instance based on the ModeDecla-
rationGroup DcmResponseOnEvent. c()
The Dcm provides a state machine for each RoeEvent (see Figure 7.4). The state for
a RoeEvent is needed by SWC to activate event reporting or report the Roe status to
a Did. Therefore the Dcm provides for each state of each RoeEvent a ModeDeclara-
tionGroupPrototype which reports the current state of the state machine as mode.
[SWS_Dcm_00934] d The ModeDeclarationGroupPrototype shall represent the cur-
rent state of the ROE state machine for this RoeEvent. c()
7.5.1.5 Environmental condition dependent execution
The execution of a diagnostic service or the acceptance of certificates can be re-

stricted to a mode condition. This enables the Dcm to formalize environmental
checks. For diagnostic service processing, a further check (see [SWS_Dcm_00773]
and [SWS_Dcm_00774]) can be configured to the Dcm. This is like session and secu-
rity checks. The referenced mode rule is arbitrating on to several mode declarations of
a mode declaration groups in which the request can be processed. Otherwise a con-
figurable NRC (see [SWS_Dcm_00812]) is responded. The same mode rule checks
can be applied on certificate validation. Certificates can be restricted to certain vehicle
properties, such as VIN or a certain version number. Only if all the conditions are valid,
the certificate is accepted by the Dcm.

Manager
[SWS_Dcm_00808] d The DcmModeRule shall evaluate all referenced DcmModeCon-

ditions and/or nested DcmModeRules either by a logical AND in case DcmLogical-
Operator is set to DCM_AND or by a logical OR in case the DcmLogicalOperator
is set to DCM_OR. In case only a single DcmModeCondition or DcmModeRule is ref-
erenced the DcmLogicalOperator shall not be present and therefore not be used. c
()
[SWS_Dcm_CONSTR_6028] d DcmModeCondition shall either have a DcmB-
swModeRef or a DcmSwcModeRef or a DcmSwcSRDataElementRef as external ref-
erence. c()
[SWS_Dcm_00810] d The DcmSwcModeRef and DcmBswModeRef of DcmModeCon-
ditions shall evaluate if the referenced Mode-Declaration is set in case of DcmCondi-
tionType is set to DCM_EQUALS or is not set in case of DcmConditionType is set
to DCM_EQUALS_NOT. c()
[SWS_Dcm_01119] Mode condition evaluation d For each mode condition, the Dcm
shall compare a compare value with a S/R data element. The compare value is pro-
vided by DcmSwcSRDataElementValueRef or DcmModeConditionConnectionCertifi-
cateCompareElementRef and the S/R Element is by DcmSwcSRDataElementRef. The
mode condition is evaluated to true if the S/R data element value is:
• equal to the compare value in case of DcmConditionType is set to
DCM_EQUALS
• unequal to the compare value in case of DcmConditionType is set to
DCM_EQUALS_NOT
• greater than the compare value in case of DcmConditionType is set to
DCM_GREATER_THAN
• greater or equal than the compare value in case of DcmConditionType is set
to DCM_GREATER_OR_EQUAL
• less than the compare value in case of DcmConditionType is set to
DCM_LESS_THAN
• less or equal than the compare value in case of DcmConditionType is set to
DCM_LESS_OR_EQUAL.
c()
[SWS_Dcm_CONSTR_6029] d The values DCM_GREATER_THAN,
DCM_GREATER_OR_EQUAL, DCM_LESS_OR_EQUAL and DCM_LESS_THAN
shall not used with a Mode reference (DcmBswModeRef or DcmSwcModeRef) . c()
Note: The current mode of the referenced ModeDeclarationGroupPrototypes could
be read by either the API SchM_Mode (in case of DcmBswModeRef) or by the API
Rte_Mode (in case of DcmSwcModeRef).

Manager
[SWS_Dcm_00811] d In case multiple DcmModeConditions are referenced within a

DcmModeRule they shall be evaluated in order of the index attributes of the EcucRef-
erenceValues for DcmArgumentRef. c()
Note: This implies the priority of NRCs
[SWS_Dcm_00782] d If a DcmModeRule is not referenced from the DcmDspAuthen-
ticationConnection, the Dcm shall use the optional parameter DcmModeRuleN-
rcValue as NegativeResponseCode in case the mode rule is evaluated to false. c
(SRS_Diag_04233)
Mode rules for DcmDspAuthenticationConnection are not part of the NRC eval-
uation.
[SWS_Dcm_00812] d In case a nested DcmModeRule contains also a DcmModeRu-
leNrcValue parameter, this NRC shall be used prior the higher-level NRC. c()
[SWS_Dcm_00813] d In case DcmLogicalOperator is set to DCM_AND, the first
failed DcmModeRule with an explicit configured NRC (DcmModeRuleNrcValue) shall
be used to define the NRC for the response message. c()
[SWS_Dcm_00814] d In case DcmLogicalOperator is set to DCM_OR, the last
failed DcmModeRule with an explicit configured NRC (DcmModeRuleNrcValue) shall
be used to define the NRC for the response message. c()
Note: The difference in the AND and OR logical operation is to allow an optimized
implementation.
[SWS_Dcm_00815] d In case the complete evaluation result in no specific NRC the
NRC 0x22 (ConditionsNotCorrect) shall be used. c()
[SWS_Dcm_00942] d The Dcm shall create for commonly used ModeDeclara-
tionGroupPrototype of each DcmSwcModeRef of DcmModeConditions a required
mode switch port referencing this ModeDeclarationGroupPrototype. The name pattern
of this port prototype shall be DcmModeUser_<ModeDeclarationGroupPrototype>" in
case the ModeDeclarationGroupPrototype shortname is unique. Otherwise the name
pattern is implementation specific, except the required prefix "DcmModeUser_". c()
Note: ModeDeclarationGroupPrototypes are not necessarily unique, wherefore the ex-
ception is required to avoid name clashes in the Dcm Service-SWC.
Examples on using mode dependent request execution:
General assumptions:
1. DcmModeRule1 consists of DcmModeCondition1, DcmModeRule2 and Dcm-
ModeRule3
2. DcmModeRule1 defines NRC 0x22
3. DcmModeRule2 and DcmModeRule3 do not have any sub-rules
4. DcmModeRule2 defines NRC 0x72

Manager
5. DcmModeRule3 does not define a NRC value

Example 1:
1) DcmModeRule1 uses an OR combination (DcmModeCondition1 OR Dcm-
ModeRule2 OR DcmModeRule3)
a) DcmModeCondition1 is failing
–> NRC 0x22 is returned
b) DcmModeRule2 is failing
c) DcmModeRule3 is failing
d) DcmModeCondition1, DcmModeRule2 and DcmModeRule3 are failing
e) DcmModeCondition1 and DcmModeRule3 are failing
Example 2:
1) DcmModeRule1 uses an AND combination (DcmModeCondition1 AND Dcm-
ModeRule2 AND DcmModeRule3)
a) DcmModeCondition1 is failing
b) DcmModeRule2 is failing
c) DcmModeRule3 is failing
d) DcmModeCondition1, DcmModeRule2 and DcmModeRule3 are failing
e) DcmModeCondition1 and DcmModeRule3 are failing
e) DcmModeRule2 and DcmModeRule3 are failing
[SWS_Dcm_CONSTR_6089] Only one compare element d In one DcmModeCon-

dition only one of the elements DcmSwcSRDataElementRef or DcmModeCondi-
tionCertificateCompareElementRef shall be configured. c(SRS_Diag_04232)
[SWS_Dcm_CONSTR_6090] Use of certificate compare elements d The Dcm-
ModeConditionCertificateCompareElementRef is only allowed, if the par-
ent DcmModeRule is referenced from a DcmDspAuthenticationConnection. c
(SRS_Diag_04232)
7.5.1.6 Sender/Receiver Communication
[SWS_Dcm_00964] d If DcmDspDiagnosisScaling is present, the Dcm shall derive

the CompuMethod from the DcmDspDiagnosisScaling container and add it to the

Manager
DataType in their respective port interface for S/R port of DataServices_{Data}

[SWS_Dcm_01035]. c()
7.5.1.7 Passing SwDataDefProps properties from DEXT file to the Dcm Service
SW-C
UseCase: Pass the SwDataDefProps details like CompuMethod, DataContraints and

Units to the Dcm Service SW-C and make them there available per DID DataElement /
per RoutineControl signal. Two alternative work flows are available.
7.5.1.7.1 DcmDspDiagnosticDataElementRef workflow
Figure 7.5: DcmDspDiagnosticDataElementRef Workflow
The feature of the DcmDspDiagnosticDataElementRef workflow is the use of a

EcucForeignReference inside the generated EcuC values. While importing the DEXT
information, a dedicated EcuC parameter is generated, which holds a EcucForeign-
Reference named DcmDspDiagnosticDataElementRef to a DiagnosticDataEle-
ment in the DEXT file. This EcucForeignReference enables the access to all Sw-
DataDefProps (BaseType, CompuMethod, DataConstr, etc.) of the corresponding Di-
agnosticDataElement. The container DcmDspAlternativeDiagnosticDataEle-
ment aggregates this EcucForeignReference. In the process step of generating the
corresponding Service SWC all needed content will be copied directly based on the
EcucForeignReference from DEXT to the Service SW-C. In this work flow the existence
of the DEXT file while the generation of the Service SW-C is required.

Manager
[SWS_Dcm_CONSTR_6053] d The aggregation of DcmDspTextTableMapping at

DcmDspAlternativeDataType is only valid if the category of the CompuMethod
of the DataType referenced by DcmDspAlternativeDataType.DcmApplicationDataType
has category set to TEXTTABLE or SCALE_LINEAR_AND_TEXTTABLE. c()
7.5.1.7.2 DcmDspAlternativeDataType.DcmApplicationDataType workflow
Figure 7.6: DcmDspAlternativeDataType.DcmApplicationDataType Workflow
The feature of the DcmDspAlternativeDataType.DcmApplicationDataType

workflow is that while importing the DEXT information beside the EcuC values also a
SW-C fragment is generated. In this SW-C fragment all needed SwDataDefProps are di-
rectly copied from the DEXT file. Inside the generated EcuC values the EcuC parame-
ter DcmDspAlternativeDataType.DcmApplicationDataType refers to the SWC
fragment and enables the access to all SwDataDefProps (BaseType, CompuMethod,
DataConstr, etc.). In the process step of generating the corresponding Service SW-C,
all needed content will be included based on the reference from DcmDspAlterna-
tiveDataType.DcmApplicationDataType to the SW-C fragment. In this work flow
the existence of the DEXT file while the generation of the Service SW-C is not required.
7.5.1.8 Asynchronous call behavior
[SWS_Dcm_01412] d If a Dem function returns DEM_PENDING, the Dcm shall call this
function again at a later point in time as long as DEM_PENDING is returned. c()

Manager
[SWS_Dcm_00120] d If the number of negative responses for a requested diag-

nostic tasks (see [SWS_Dcm_00024]) reaches the value defined in the configura-
tion parameter DcmDslDiagRespMaxNumRespPend, the Dcm module shall stop pro-
cessing the active diagnostic request, inform the application or BSW (if this diag-
nostic task implies the call to a SW-C interface or a BSW interface) by setting Op-
Status parameter, of active port interface, to DCM_CANCEL, report the runtime error
DCM_E_INTERFACE_TIMEOUT and shall send a negative response with NRC 0x10
(General reject). c()
[SWS_Dcm_01184] d The Dcm_SetProgConditions API shall be called again in
the next Dcm main function cycle if previous return status was E_PENDING. c()
[SWS_Dcm_00760] d The return of DCM_E_PENDING shall do a re-triggering (e.g.
in the next MainFunction cycle). c()
[SWS_Dcm_01413] d The return values of interfaces called with an OpStatus equal to
DCM_CANCEL shall be ignored c()
7.5.2 UDS Services
[SWS_Dcm_00442] d The Dcm module shall implement the services of UDS according
to Table 7.7.c()
SID Service Subfunction Supported
0x10 DiagnosticSessionControl Supported
0x11 ECUReset Supported
0x14 ClearDiagnosticInformation Supported
0x19 ReadDTCInformation Supported
0x22 ReadDataByIdentifier Supported
0x23 ReadMemoryByAddress Supported (callout)
0x24 ReadScalingDataByIdentifier Supported
0x27 SecurityAccess Supported
0x28 CommunicationControl Supported
0x29 Authentication Supported
0x2A ReadDataByPeriodicIdentifier Supported
0x2C DynamicallyDefineDataIdentifie Supported
0x2E WriteDataByIdentifier Supported
0x2F InputOutputControlByIdentifier Supported
0x31 RoutineControl Supported
0x34 RequestDownload Supported (callout)
0x35 RequestUpload Supported (callout)
0x36 TransferData Supported
0x37 RequestTransferExit Supported
0x38 RequestFileTransfer Supported (callout)
0x3D WriteMemoryByAddress Supported (callout)
0x3E TesterPresent Supported
0x83 AccessTimingParameter NRC
"ServiceNotSupported"
0x84 SecuredDataTransmission NRC
"ServiceNotSupported"
0x85 ControlDTCSetting On, off Supported

Manager
SID Service Subfunction Supported

0x86 ResponseOnEvent All excepted Supported
onComparisionOfValues
and OnTimerInterrupt
0x87 LinkControl User optional
Table 7.7: Support of UDS Services
7.5.2.1 General behavior using DEM interfaces
[SWS_Dcm_00007] d The Dcm module shall retrieve the DTCStatusAvailabilityMask

by using the function Dem_GetDTCStatusAvailabilityMask(). c()
The mask DTCStatusAvailabilityMask reflects the status bits supported by the ECU.
Note : Masking is performed in the module Dem and does not need to be done on Dcm
side (see SWS_Dem_00657 in [13]).
[SWS_Dcm_00371] d To ensure consistent event related data during the reading se-
quence, the Dcm module shall lock the update of event related data before reading
freeze frames or extended data records. The Dcm shall lock the update using the Dem
API Dem_DisableDTCRecordUpdate(). After the locking the Dcm shall read the event
related data by calls to:
• Dem_SelectExtendedDataRecord()
• Dem_GetSizeOfExtendedDataRecordSelection()
• Dem_GetNextExtendedDataRecord()
• Dem_SelectFreezeFrameData()
• Dem_GetSizeOfFreezeFrameSelection() and
• Dem_GetNextFreezeFrameData() After the event related data is read, the Dcm
shall re-enable updates by calling Dem_EnableDTCRecordUpdate().
c()
[SWS_Dcm_00702] d If function Dem_DisableDTCRecordUpdate() returns
DEM_PENDING, the Dcm shall retry to get the lock in the next Dcm_MainFunction.
c()
[SWS_Dcm_00700] d When the Dcm module receives a request with the DTCStatus-
Mask set to 0x00, it shall send positive response and shall not use the Dem interface
Dem_SetDTCFilter(). c()
Note: The parameter DTCFormat of the functions Dem_ClearDTC(),
Dem_SetDTCFilter(), Dem_SetFreezeFrameRecordFilter() and
Dem_GetNextFilteredDTCAndFDC() defines the output-format of the requested
DTC values for the sub-sequent API calls. For the 2-byte ISO15031-6 [14] DTC
format, the DTCFormat parameter shall be equal to DEM_DTC_FORMAT_OBD. For

Manager
the 2-byte ISO14229-1 DTC format, the DTCFormat parameter shall be equal to
DEM_DTC_FORMAT_UDS.
[SWS_Dcm_01160] d When the Dcm module receives a request with the DTCSever-
ityMask set to 0x00, it shall send a positive response as specified in ISO14229-1 [1]
and shall not use the Dem interface Dem_SetDTCFilter() c()
[SWS_Dcm_00835] d The Dcm shall call Dem_SetDTCFilter prior to
Dem_GetNumberOfFilteredDTC, any sequence of Dem_GetNextFilteredDTC,
any sequence of Dem_GetNextFilteredDTCAndFDC, as well as any sequence of
Dem_GetNextFilteredDTCAndSeverity. c()
[SWS_Dcm_00836] d The Dcm shall call Dem_SetFreezeFrameRecordFilter prior to
any sequence of Dem_GetNextFilteredRecord. c()
[SWS_Dcm_01127] d The Dcm module shall retrieve the DTCSeverityAvailabilityMask
by using the function Dem_GetDTCSeverityAvailabilityMask() c()
Note: The mask DTCSeverityAvailabilityMask reflects the severity bits supported by
the ECU.
[SWS_Dcm_01212] d If Dem_DisableDTCRecordUpdate() returns
DEM_WRONG_DTC, the Dcm shall send a NRC 0x31 (RequestOutOfRange). c
()
[SWS_Dcm_01213] d If Dem_DisableDTCRecordUpdate() returns
DEM_WRONG_DTCORIGIN, the Dcm shall send a NRC 0x31 (RequestOutOfRange).
c()
[SWS_Dcm_01234] d If Dem_GetNextFilteredDTCAndSeverity() returns
DEM_NO_SUCH_ELEMENT and at least one matching element could be re-
trieved before, the Dcm shall send a positive response including these data elements.
c()
[SWS_Dcm_01235] d If Dem_GetNextFilteredDTCAndSeverity() returns
DEM_NO_SUCH_ELEMENT and no matching element could be retrieved before, the
Dcm shall send a positive response only for service, subservice and mandatory data
specified in ISO 14229-1 [1]. c()
[SWS_Dcm_01242] d If Dem_GetSizeOfExtendedDataRecordSelection() returns
DEM_WRONG_DTC, DEM_WRONG_DTCORIGIN or DEM_NO_SUCH_ELEMENT,
the Dcm shall send a NRC 0x31 (RequestOutOfRange) c()
[SWS_Dcm_01250] d If Dem_GetStatusOfDTC() returns DEM_WRONG_DTC or
DEM_WRONG_DTCORIGIN, the Dcm shall send a NRC 0x31 (RequestOutOfRange).
c()
[SWS_Dcm_01409] d If Dem_GetStatusOfDTC() returns
DEM_NO_SUCH_ELEMENT, the Dcm shall send a positive response only for
service and subservice. c()

Manager
[SWS_Dcm_01255] d If Dem_SetDTCFilter() returns E_NOT_OK, the Dcm shall send

a NRC 0x31 (RequestOutOfRange). c()
7.5.2.2 Service 0x10 - Diagnostic Session Control
UDS Service 0x10 allows an external tester to enable different diagnostic sessions in
the server. A diagnostic session enables a specific set of diagnostic services and/or
functionality in the server. The service request contains the parameter:
• diagnosticSessionType
[SWS_Dcm_00250] d The Dcm module shall implement the UDS Service 0x10. c
(SRS_Diag_04006)
[SWS_Dcm_00307] d When responding to UDS Service 0x10, if the requested sub-
function value is not configured in the ECU (configuration parameter DcmDspSes-
sionLevel), the DSP submodule shall trigger a negative response with NRC 0x12
(SubFunction not supported). c()
If the requested subfunction value is configured, the following steps are processed
even if the requested session type is equal to the already running session type (see
ISO14229-1 [1] Section 9.2).
[SWS_Dcm_00311] d The send confirmation function shall set the new diagnos-
tic session type with DslInternal_SetSesCtrlType() and shall set the new timing
parameters (P2ServerMax, P2ServerMax*) (see configuration parameters DcmD-
spSessionP2ServerMax and DcmDspSessionP2StarServerMax) and do the mode
switch of the ModeDeclarationGroupPrototype DcmDiagnosticSessionControl by call-
ing SchM_Switch_<bsnp>_DcmDiagnosticSessionControl() with the new diagnostic
session type (see [SWS_Dcm_91019]). c(SRS_Diag_04015)
[SWS_Dcm_00085] d The DSP submodule shall manage internally a read ac-
cess for the dataIdentifier 0xF186 (ActiveDiagnosticSessionDataIdentifier) defined in
ISO14229-1 [1]. c()
7.5.2.3 Service 0x11 - ECUReset
UDS Service ECUReset (0x11) allows an external tester to request a server reset. The
service request contains parameter:
• resetType
[SWS_Dcm_00260] d The Dcm module shall implement the UDS Service ECUReset
(0x11). c()

Manager
[SWS_Dcm_00373] d On reception of a request for UDS Service 0x11 with the sub
functions other than enableRapidPowerShutDown (0x04) or disableRapidPowerShut-
Down (0x05), the Dcm module shall trigger the mode switch of ModeDeclarationGroup-
Prototype DcmEcuReset equal to the received resetType. After the mode switch is
requested the Dcm shall trigger the start of the positive response message transmis-
sion. Sub function hardReset (0x01) to HARD Sub function keyOffOnReset (0x02) to
KEYONOFF Sub function softReset (0x03) to SOFT c()
Note: By this mode switch the Dcm informs the BswM to carry out necessary actions
for the handling of this individual reset type. These actions can be configured within
the BswM action list corresponding to the requested reset type. Here the integrator can
also define if an ECU reset will finally be performed or not.
[SWS_Dcm_00594] d On the transmit confirmation (call to Dcm_TpTxConfirmation)
of the positive response, the Dcm module shall trigger the mode switch
of ModeDeclarationGroupPrototype DcmEcuReset to the mode EXECUTE (via
SchM_Switch_<bsnp>_DcmEcuReset(RTE_MODE_DcmEcuReset_EXECUTE)). c()
Note: By this mode switch the Dcm requests the BswM to perform the final processing
on the reset type according to the configured action list.
[SWS_Dcm_00818] d On reception of a request for UDS Service 0x11 with the
sub functions enableRapidPowerShutdown (0x04) or disableRapidPowerShutdown
(0x05), the Dcm module shall trigger the mode switch of ModeDeclarationGroupPro-
totype DcmRapidPowerShutDown: Sub function enableRapidPowerShutDown (0x04)
to ENABLE_RAPIDPOWERSHUTDOWN, Sub function disableRapidPowerShutDown
(0x05) to DISABLE_RAPIDPOWERSHUTDOWN c()
Note: If EnableRapidPowerShutdown is enabled, the ECU should shorten its power-
down time.
[SWS_Dcm_00589] d In case the parameter DcmDspPowerDownTime is present, the
Dcm shall set the powerDownTime in positive response to sub-service enableRapid-
PowerShutDown with value set in DcmDspPowerDownTime. c()
[SWS_Dcm_00834] d After sending the positive response of EcuReset (call of
Dcm_TpTxConfirmation) the Dcm shall ignore all further requests during reset-
processing. c()
[SWS_Dcm_CONSTR_6080] DcmDspEcuResetRow container configuration d One
container DcmDspEcuResetRow shall be configured for each DcmDsdSubService
(DcmDspEcuResetId matching to the DcmDsdSubServiceId) configured for the
UDS service ECUReset (0x11) which does not have the corresponding DcmDsdSub-
ServiceFnc parameter configured. c(SRS_Diag_04098)
7.5.2.4 Service 0x14 - Clear Diagnostic Information
UDS Service ClearDiagnosticInformation (0x14) requests an ECU to clear the error

memory. The service request contains the parameter:

Manager
• groupOfDTC.
[SWS_Dcm_00247] d The Dcm module shall implement UDS Service 0x14. c()
[SWS_Dcm_01263] d Upon reception of a UDS Service ClearDiagnosticInformation
(0x14) request with parameter groupOfDTC, the Dcm module shall call the API
Dem_SelectDTC() with the following parameter values:
• ClientId: Client Id for this Dcm instance (see DcmDemClientRef)
• DTC: groupOfDTC from the service request
• DTCFormat: DEM_DTC_FORMAT_UDS
• DTCOrigin: DEM_DTC_ORIGIN_PRIMARY_MEMORY
c(SRS_Diag_04058)
[SWS_Dcm_01400] d After call of Dem_SelectDTC() the Dcm shall call
Dem_GetDTCSelectionResultForClearDTC() with the following parameter value:
• ClientId: Client Id for this Dcm instance (see DcmDemClientRef.
c()
[SWS_Dcm_01265] d In case Dem_GetDTCSelectionResultForClearDTC() returns
DEM_WRONG_DTC, the Dcm shall send a NRC 0x31 (RequestOutOfRange). c()
[SWS_Dcm_01268] d In case Dem_GetDTCSelectionResultForClearDTC() returns
E_OK, the Dcm module shall check if application allows to clear the DTC (according
to the configuration parameter DcmDspClearDTCCheckFnc). If not, the Dcm module
shall send a negative response with NRC set to value from the parameter "ErrorCode".
c()
[SWS_Dcm_01269] d In case application allows to clear the DTC, the Dcm module
shall check if the DTC can be cleared in the current mode condition (according to the
configuration parameter DcmDspClearDTCModeRuleRef). If not, the Dcm module
shall send the calculated negative response code of the referenced DcmModeRule. c
()
[SWS_Dcm_00005] d If the condition checks are successfully done, the Dcm module
shall call Dem_ClearDTC with the following parameter values:
• ClientId = Client Id for this Dcm instance (see DcmDemClientRef)
c(SRS_Diag_04058)
[SWS_Dcm_00705] d In case Dem_ClearDTC() returns E_OK, the Dcm module shall
send a positive response. c()
[SWS_Dcm_00707] d In case Dem_ClearDTC() returns DEM_CLEAR_FAILED, the
Dcm shall send a negative response 0x22 (conditionsNotCorrect). c()
[SWS_Dcm_00708] d In case Dem_ClearDTC() returns DEM_WRONG_DTC, the Dcm
shall send a negative response 0x31 (requestOutOfRange). c()

Manager
[SWS_Dcm_00966] d In case Dem_ClearDTC() returns DEM_CLEAR_BUSY, the Dcm

shall send a negative response 0x22 (conditionsNotCorrect). c()
Note: Dem_ClearDTC typically triggers further callbacks through the RTE. To indicate
the respective call-tree for these runnables, a work-around is used: The Dcm triggers
the DTC deletion using the Dem interface DcmIf (operation DcmClearDTC) instead of a
direct C call.
[SWS_Dcm_01060] d In case Dem_ClearDTC() returns
DEM_CLEAR_MEMORY_ERROR, the Dcm shall trigger a negative response
with NRC 0x72 (generalProgrammingFailure). c()
[SWS_Dcm_01408] d In case Dem_ClearDTC() returns DEM_WRONG_DTCORIGIN,
the Dcm shall trigger a negative response 0x31 (requestOutOfRange). c()
7.5.2.5 Service 0x19 - Read DTC Information
Service 0x19 allows a client to read the status of server resident Diagnostic Trouble
Code (DTC) information.
[SWS_Dcm_00248] d The Dcm module shall implement the UDS Service 0x19. c()
To setup the retrieval of specific data from the Dem module, the Dcm will
call different filter APIs (Dem_SetDTCFilter(), Dem_SetFreezeFrameRecordFilter(),
Dem_SelectFreezeFrameData() and Dem_SelectExtendedDataRecord()).
[SWS_Dcm_01043] d In case E_NOT_OK is returned by Dem_SetDTCFilter(), the Dcm
module shall send a negative response with NRC 0x31 (requestOutOfRange). c()
[SWS_Dcm_01334] d For all sub-functions addressing user defined fault memory,
before calling the appropriate Dem API, the Dcm shall add the value 0x0100 to
the received selection request parameter MemorySelection in order to match the
Dem_DTCOriginType. c()
7.5.2.5.1 Subfunctions 0x01, 0x07, 0x11 and 0x12
UDS Service 0x19 with subfunctions 0x01, 0x11 or 0x12 requests the ECU to report
the number of DTCs matching tester-defined criteria. The service request contains the
parameter:
• DTCStatusMask
UDS Service 0x19 with subfunction 0x07 requests the ECU to report the num-
ber of DTCs matching tester-defined criteria. The service request contains the
parameters:
• DTCSeverityMask
• DTCStatusMask

Manager
[SWS_Dcm_00376] d When sending a positive response to UDS Service 0x19 with

subfunction 0x01, 0x07, 0x11 or 0x12, the Dcm module shall use the data in the re-
sponse message according to Table 7.8c()
Parameter name Value
DTCStatusAvailabilityMask DTCStatusAvailabilityMask (see [SWS_Dcm_00007]).
DTCFormatIdentifier Value returned by Dem_GetTranslationType()
DTCCount Value calculated according to [SWS_Dcm_00293]
Table 7.8: Subfaunction 0x01, 0x07, 0x11 and 0x12 response values
[SWS_Dcm_00293] d When responding to UDS Service 0x19 with subfunc-

tion 0x01, 0x07, 0x11 or 0x12, the Dcm module shall calculate the number
of DTCs using Dem_GetNumberOfFilteredDTC() after having set the DEM-filter
with Dem_SetDTCFilter() using the parameter values according to Table 7.9.c
(SRS_Diag_04058, SRS_Diag_04067)
reportNumber reportNumber reportNumberOf reportNumberOf
OfDTC OfDTCBySeveri- MirrorMemory EmissionsRe-
ByStatusMask tyMaskRecord DTCByStatus- lated
Mask OBDDTCBySta-
tusMask
0x01 0x07 0x11 0x12
ClientId Client Id for this Client Id for this Client Id for this Client Id for this
Dcm instance Dcm instance Dcm instance Dcm instance
(see DcmDem- (see DcmDem- (see DcmDem- (see DcmDem-
ClientRef) ClientRef) ClientRef) ClientRef)
DTCStatusMask DTCStatusMask DTCStatusMask DTCStatusMask DTCStatusMask
from request (see from request (see from request (see from request (see
[SWS_Dcm_00700]) [SWS_Dcm_00700]) [SWS_Dcm_00700]) [SWS_Dcm_00700])
DTCFormat DEM_DTC_ DEM_DTC_ DEM_DTC_ DEM_DTC_
FORMAT_UDS FORMAT_UDS FORMAT_UDS FORMAT_UDS
DTCOrigin PRIMARY_ PRIMARY_ MIRROR_ DEM_DTC_
MEMORY MEMORY MEMORY ORIGIN_OBD_
RELEVANT_
MEMORY
FilterWithSeverity NO YES NO NO
DTCSeverityMask Not relevant DTCSeverityMask Not relevant Not relevant
from request
FilterForFaultDe- NO NO NO NO
tectionCounter
Table 7.9: Dem_SetDTCFilter() parameters values for subfunctions 0x01, 0x07, 0x11 and
0x12
7.5.2.5.2 Subfunctions 0x02, 0x0A, 0x0F, 0x13, 0x15 and 0x17
UDS Service 0x19 with subfunctions 0x02, 0x0F or 0x13 requests the DTCs (and their
associated status) that match certain conditions. The service request contains the
parameter:

Manager
• DTCStatusMask
UDS Service 0x19 with subfunction 0x0A requests all supported DTCs and their associ-
ated status. UDS Service 0x19 with subfunction 0x15 requests all DTCs with permanent
status.
subfunction 0x02, 0x0A, 0x0F, 0x13, 0x15 or 0x17, the Dcm module shall use the data
in the response message according to Table 7.10.c()
DTCStatusAvailabilityMask DTCStatusAvailabilityMask (see [SWS_Dcm_00007])
DTCAndStatusRecord As defined in [SWS_Dcm_00008] and
[SWS_Dcm_00378]
MemorySelection (subservice 0x17 From request
only)
Table 7.10: Subfunction 0x02, 0x0A, 0x0F, 0x13, 0x15 and 0x17 eesponse values
[SWS_Dcm_01545] Read user defined memory by status mask authentication

check d On reception of the UDS Service ReadDTCInformation (0x19) with sub-
function reportUserDefMemoryDTCByStatusMask (0x17), the Dcm shall check if the
access to the selected user defined memory in parameter MemorySelection is authen-
ticated and read the DTC information only if:
• a DcmDspReadDTCInformationUserDefinedFaultMemoryRole is con-
figured with DcmDspReadDTCInformationUserDefinedFaultMemory-
RoleId matching the MemorySelection and the verification according to
[SWS_Dcm_01479] was successful or
• the active white list on that connection has for that requested user defined mem-
ory selection one entry.
c(SRS_Diag_04233)
According to [SWS_Dcm_01545] the authentication checks are only executed if
DcmDspAuthentication is configured. In case of a failed authentication the NRC han-
dling is according to [SWS_Dcm_01544] and [SWS_Dcm_01551] applies.
[SWS_Dcm_00008] d On reception of a UDS Service 0x19 request with subfunction
0x02, 0x0F and 0x13 and if the result of the bitwise AND operation between the DTC-
StatusMask received within the request message and the DTCStatusAvailabilityMask
reported by the DEM is equal to 0, the Dcm module shall answer positively with 0 DTC.
c()
[SWS_Dcm_00378] d When responding to UDS Service 0x19 with subfunctions 0x02,
0x0A, 0x0F, 0x13, 0x15 or 0x17, the Dcm module shall obtain the records with DTCs
(and their associated status) by repeatedly calling Dem_GetNextFilteredDTC() after
having configured the filter with Dem_SetDTCFilter() using the parameter values ac-
cording to Table 7.11.c(SRS_Diag_04058, SRS_Diag_04067)

Manager
reportDTC report report report report report

ByStatus Supported Mirror Emissions DTCWith UserDef
Mask DTCs Memory Related Permanent Memory
DTCBy OBDDTC Status DTCBy
StatusMask ByStatus StatusMask
Mask
0x02 0x0A 0x0F 0x13 0x15 0x17
ClientId Client Id for Client Id for Client Id for Client Id for Client Id for Client Id for
this Dcm this Dcm this Dcm this Dcm this Dcm this Dcm
instance instance instance instance instance instance
(see (see (see (see (see (see
DcmDem- DcmDem- DcmDem- DcmDem- DcmDem- DcmDem-
Clien- Clien- Clien- Clien- Clien- Clien-
tRef) tRef) tRef) tRef) tRef) tRef)
DTCStatus DTCStatus 0x00 DTCStatus DTCStatus 0x00 DTCStatus
Mask Mask from Mask from Mask from Mask from
request (see request (see request (see request (see
SWS_Dcm_ SWS_Dcm_ SWS_Dcm_ SWS_Dcm_
00700) 00700) 00700) 00700)
DTCFormat DEM_DTC_ DEM_DTC_ DEM_DTC_ DEM_DTC_ DEM_DTC_ DEM_DTC_
FOR- FOR- FOR- FOR- FOR- FOR-
MAT_UDS MAT_UDS MAT_UDS MAT_UDS MAT_UDS MAT_UDS
DTCOrigin PRIMARY_ PRIMARY_ MIRROR_ DEM_DTC_ PERMA Memory
MEMORY MEMORY MEMORY ORIGIN_ NENT_ Selection
OBD_RELE- MEMORY from request
VANT_ + 0x0100
MEMORY
FilterWith NO NO NO NO NO NO
Severity
DTCSeverity Not relevant Not relevant Not relevant Not relevant Not relevant Not relevant
Mask
FilterFor NO NO NO NO NO NO
FaultDetec-
tionCounter
Table 7.11: Dem_SetDTCFilter() parameters values for subfunctions 0x02, 0x0A, 0x0F,
0x13,0x15 and0x17
Note:
• The Dcm module can get an indication of the number of records that will be found
using Dem_GetNextFilteredDTC() by using Dem_GetNumberOfFilteredDTC().
This allows the implementation to calculate the total size of the response before
cycling through the DTCs.
• The value 0x00 used as DTCStatusMask for the subfunctions 0x0A and 0x15
disables the status byte filtering in Dem_SetDTCFilter().
[SWS_Dcm_00828] d In case of paged buffer support is disabled, the Dcm module shall
not insert zero-padded DTCs to the response of UDS Service 0x19 with subfunctions
0x02, 0x0A, 0x0F, 0x13, 0x15 or 0x17. c()
When using paged buffer mechanism, in some case, it’s possible that the number of
DTC matching the filter change between the calculation of the total size, needed for

Manager
the first page transmission, and the sending of the further pages. For this reason, the
following requirement apply :
[SWS_Dcm_00587] d In case of paged buffer support is enabled, The Dcm shall limit
the response size to the size calculated when sending the first page. If more DTCs
match the filter after this sending, the additional DTCs shall not be considered. c()
[SWS_Dcm_00588] d In case of paged buffer support is enabled,The Dcm shall pad
the response with the size calculated when sending the first page. If less DTC match
the filter after this sending, the missing DTCs shall be padded with 0 value as defined
in 15031-6 [14]. c()
[SWS_Dcm_01229] d If Dem_GetNextFilteredDTC() returns
c()
[SWS_Dcm_01230] d If Dem_GetNextFilteredDTC() returns
DEM_NO_SUCH_ELEMENT and at no matching element could be retrieved be-
fore, the Dcm shall send a positive response only for service and subservice and
additional parameters required within a positive response. c()
7.5.2.5.3 Subfunction 0x08
UDS Service 0x19 with subfunction 0x08 requests the DTCs and the associated status
that match a tester-defined severity mask record. The service request contains the
following parameters:
• DTCSeverityMask
• DTCStatusMask
subfunction 0x08, the Dcm module shall use the data in the response message accord-
ing to Table 7.12.c()
DTCAndSeverityRecord As defined in [SWS_Dcm_00380]
Table 7.12: Subfunction 0x08 response values
[SWS_Dcm_00380] d When responding to UDS Service 0x19 with subfunction

0x08, the Dcm module shall obtain the DTCAndSeverityRecords by repeatedly call-
ing Dem_GetNextFilteredDTCAndSeverity() after having configured the filter with
Dem_SetDTCFilter() using the parameter values according to Table 7.13.c()
reportDTCBySeverityMaskRecord
ClientId Client Id for this Dcm instance (see DcmDemClientRef)

Manager
reportDTCBySeverityMaskRecord
DTCStatusMask DTCStatusMask from request (see [SWS_Dcm_00700]
DTCFormat DEM_DTC_FORMAT_UDS
DTCOrigin PRIMARY_MEMORY
FilterWithSeverity YES
DTCSeverityMask DTCSeverityMask from request
FilterForFaultDetectionCounter NO
Table 7.13: Dem_SetDTCFilter() parameters values for Subfunction 0x08
Note: The Dcm module can get an indication of the number of records
that will be found using Dem_GetNextFilteredDTCAndSeverity() by using
Dem_GetNumberOfFilteredDTC().
UDS Service 0x19 with subfunction 0x09 requests the severity information of a DTC.
The service request contains the parameter:
• DTCMaskRecord
DTCAndSeverityRecord DTCSeverityMask: see [SWS_Dcm_01402]
DTCFunctionalUnit: see [SWS_Dcm_01403]
DTC: the given DTC of the request
statusOfDTC : see [SWS_Dcm_01404]
[SWS_Dcm_01402] d To select the DTC, the Dcm module shall call the API
Dem_SelectDTC() with the following parameter values:
• DTC: DTC from the service request
• DTCFormat: DEM_DTC_FORMAT_UDS
c()
[SWS_Dcm_01403] d To retrieve the DTCSeverityMask of the selected DTC, the Dcm
shall call Dem_GetSeverityOfDTC() with the following parameter value:

Manager
c()
[SWS_Dcm_01404] d To retrieve the DTCFunctionalUnit of the selected DTC, the Dcm
shall call Dem_GetFunctionalUnitOfDTC() with the following parameter value:
c()
[SWS_Dcm_01405] d To retrieve the statusOfDTC of the selected DTC, the Dcm shall
call Dem_GetStatusOfDTC() with the following parameter value:
c()
[SWS_Dcm_01226] d If Dem_GetFunctionalUnitOfDTC() returns
DEM_WRONG_DTC or DEM_WRONG_DTCORIGIN, the Dcm shall send a NRC
0x31 (requestOutOfRange). c()
[SWS_Dcm_01240] d If Dem_GetSeverityOfDTC() returns DEM_WRONG_DTC, the
Dcm shall send a NRC 0x31 (requestOutOfRange) c()
[SWS_Dcm_01406] d If Dem_GetStatusOfDTC() returns DEM_WRONG_DTC or
DEM_WRONG_DTCORIGIN, the Dcm shall send a NRC 0x31 (requestOutOfRange).
c()
7.5.2.5.5 Subfunctions 0x06/0x10/0x19
The UDS Service 0x19 with subfunction 0x06, 0x10 or 0x19 requests a specific Ex-
tended Data Records for a specific DTC. The service request contains the parameters:
• DTCMaskRecord
• DTCExtendedDataRecordNumber
[SWS_Dcm_01547] d On reception of the UDS Service ReadDTCInformation (0x19)
with sub-function reportUserDefMemoryDTCExtDataRecordByDTCNumber (0x19),
the Dcm shall check if the access to the selected user defined memory in parame-
ter MemorySelection is authenticated and read the DTC information only if:
• a DcmDspReadDTCInformationUserDefinedFaultMemoryRole is configured
with DcmDspReadDTCInformationUserDefinedFaultMemoryRoleId matching the
MemorySelection and the verification according to [SWS_Dcm_01522] was suc-
cessful or
c()

Manager

[SWS_Dcm_00386] d Upon reception of UDS Service 0x019 with subfunction 0x06 or
0x10 or 0x19, the Dcm shall retrieve from the Dem the stored extended data records for
the requested DTC and origin. c()
[SWS_Dcm_00295] d When responding to UDS Service 0x19 with subfunction 0x06,
0x10 or 0x19, the Dcm module shall calculate the statusOfDTC by first calling
Dem_SelectDTC() with the parameters values set according to Table 7.15 and then
Dem_GetStatusOfDTC() with ClientId = Client Id for this Dcm instance (see DcmDem-
ClientRef).c(SRS_Diag_04058)
reportDTC report reportUserDef
ExtendedData MirrorMemoryDTC MemoryDTC
Record ExtendedData ExtDataRecord
ByDTCNumber Record ByDTCNumber
ByDTCNumber
0x06 0x10 0x19
ClientId Client Id for this Dcm Client Id for this Dcm Client Id for this Dcm
instance (see instance (see instance (see
DcmDemClientRef) DcmDemClientRef) DcmDemClientRef)
DTC DTCMaskRecord from DTCMaskRecord from DTCMaskRecord from
request request request
DTCOrigin PRIMARY_MEMORY MIRROR_MEMORY MemorySelection
from request +
0x0100
Table 7.15: Dem_SelectDTC() parameters values for subfunctions 0x06, 0x10 and 0x19
[SWS_Dcm_00841] d If Dem_GetNextExtendedDataRecord() returns E_OK and Buf-

Size 0 (empty buffer), the Dcm module shall omit the DTCExtendedDataRecordNumber
for the related record in the response of service 0x19 0x06/0x10/0x19. c()
0x10 or 0x19, the Dcm module shall calculate the DTCExtendedDataRecord by first
calling Dem_SelectExtendedDataRecord() with the parameter values set according
to Table 7.16 and then call Dem_GetNextExtendedDataRecord() repeatedly until
DEM_NO_SUCH_ELEMENT is returned.c()
reportDTCExtended- reportMirrorMemoryDTCreportUserDefMemory
DataRecord Extended- DTCExtDataRecord
ByDTCNumber DataRecord ByDTCNumber
ByDTCNumber
0x06 0x10 0x19
DTC DTCMaskRecord from DTCMaskRecord from DTCMaskRecord from

Manager
DTCOrigin PRIMARY_MEMORY MIRROR_MEMORY Memory Selection

from request +
0x0100
ExtendedDataNumber DTCExtendedData DTCExtendedData DTCExtendedData
RecordNumber from RecordNumber from RecordNumber from
Table 7.16: Dem_SelectExtendedDataRecord() parameters values for subfunctions 0x06,

0x10 and 0x19
As required in [SWS_Dcm_00371], the Dcm module shall obtain the size of the ex-
tended data record by using Dem_GetSizeOfExtendedDataRecordSelection().
UDS Service 0x19 with subfunction 0x03 allows an external tester to request the corre-
sponding DTCs for all FreezeFrame records present in an ECU.
ing to Table 7.17. c()
DTCRecord / DTCSnapshotRecord- As defined in [SWS_Dcm_00299]
Number

Manager
Figure 7.7: Request DTC Snapshot Record Identification
[SWS_Dcm_00298] d When UDS Service 0x19 with subfunction 0x03 is re-

quested,the DSP submodule shall retrieve the number of stored freeze frame
records by calling Dem_SetFreezeFrameRecordFilter() with DTCFormat equal to
DEM_DTC_FORMAT_UDS and Dem_GetNumberOfFreezeFrameRecords. c()
the Dcm module shall obtain the consecutive DTCs and DTCSnapshotRecordNumbers
by repeatedly calling Dem_GetNextFilteredRecord(). c()
requirement [SWS_Dcm_00587] and [SWS_Dcm_00588] shall be considered for the
implementation of this subservice.
[SWS_Dcm_01237] d If Dem_GetNextFilteredRecord() returns
c()
[SWS_Dcm_01238] d If Dem_GetNextFilteredRecord() returns
DEM_NO_SUCH_ELEMENT and no matching element could be retrieved be-
fore, the Dcm shall send a positive response only for service and subservice. c
()
[SWS_Dcm_01256] d If Dem_SetFreezeFrameRecordFilter() returns E_NOT_OK, the
Dcm shall send a NRC 0x31 (RequestOutOfRange). c()

Manager
7.5.2.5.7 Subfunctions 0x04 and 0x18
Using UDS Service 0x19 with subfunction 0x04 or 0x18, an external tester can request
FreezeFrame information for one or all FreezeFrames of a specific DTC. The service
request contains parameters:
• DTCMaskRecord
• DTCSnapshotRecordNumber
The subfunction 0x18 has an additional MemorySelection.
Figure 7.8: Request DTC Snapshot Record by Snapshot Record Number
[SWS_Dcm_01546] d On reception of the UDS Service ReadDTCInformation (0x19)

with sub-function reportUserDefMemoryDTCSnapshotRecordByDTCNumber (0x18),
the Dcm shall check if the access to the selected user defined memory in parame-
ter MemorySelection is authenticated and read the DTC information only if:
• a DcmDspReadDTCInformationUserDefinedFaultMemoryRole is configured
with DcmDspReadDTCInformationUserDefinedFaultMemoryRoleId matching the
MemorySelection and the verification according to [SWS_Dcm_01522] was suc-
cessful or
c()

Manager

subfunction 0x04 or 0x18, the Dcm module shall use the data in the response message
according to Table 7.18.c()
Parameter name Value in Subservice 0x04 Value in Subservice 0x18
DTCAndStatusRecord DTC from the request, DTC from the request,
statusOfDTC according to statusOfDTC according to
[SWS_Dcm_00383] [SWS_Dcm_01147]
DTCSnapshotRecordNum- The DTCSnapshotRecord The DTCSnapshotRecord
ber Number is contained in the Number is contained in the
output buffer from the Dem_ output buffer from the Dem_
GetNextFreezeFrame() call. GetNextFreezeFrame() call.
see [SWS_Dcm_00384] see [SWS_Dcm_00384].
DTCSnapshotRecordNum- As defined in As defined in
berOfIdentifiers / DTCSnap- [SWS_Dcm_00384] [SWS_Dcm_00384]
shotRecord
MemorySelection n/a From request
Table 7.18: Subfunction 0x04 and 0x18 response values

the Dcm module shall obtain the status of the DTC by first calling Dem_SelectDTC()
with the following parameters:
• DTC: DTC from the request
and then Dem_GetStatusOfDTC() with ClientId = Client Id for this Dcm instance (see
DcmDemClientRef) c(SRS_Diag_04058)
tion 0x18, the Dcm module shall obtain the status of the DTC by first calling
Dem_GetStatusOfDTC() with the following parameters:
• ClientId: Client Id for this Dcm instance (see DcmDemClientRef
• DTC: DTC from the request
• DTCOrigin: Memory Selection from request + 0x0100
and then Dem_GetStatusOfDTC() with ClientId = DcmDemClientRef c
(SRS_Diag_04058)
[SWS_Dcm_00384] d Upon reception of UDS Service 0x019 with subfunction 0x04 or
0x18, the Dcm shall retrieve from the Dem the stored snapshot records for the requested
DTC and origin. c(SRS_Diag_04058)

Manager
[SWS_Dcm_00441] d The Dcm module shall obtain the size of the

data returned by Dem in Dem_GetNextFreezeFrameData() call by using
Dem_GetSizeOfFreezeFrameSelection(). c()
To get the size of all FreezeFrame data, the Dcm module calls
Dem_SelectFreezeFrameData() with RecordNumber set to 0xFF.
[SWS_Dcm_01220] d If Dem_GetNextFreezeFrameData() returns
DEM_WRONG_DTC or DEM_WRONG_DTCORIGIN the Dcm shall send a NRC
0x31 (RequestOutOfRange) c()
0x04, or 0x18, the Dcm shall collect the freeze frame data by first calling
Dem_SelectFreezeFrameData() and then call Dem_GetNextFreezeFrameData() re-
peatedly until DEM_NO_SUCH_ELEMENT is returned. c()
[SWS_Dcm_01224] d If at least one of the requested freeze frame data is supported,
the Dcm shall send a positive response. Otherwise the Dcm shall send a NRC 0x31
(RequestOutOfRange). c()
[SWS_Dcm_01246] d If Dem_GetSizeOfFreezeFrameSelection() returns
DEM_WRONG_DTC, DEM_WRONG_DTCORIGIN or DEM_NO_SUCH_ELEMENT
the Dcm shall send a NRC 0x31 (RequestOutOfRange). c()
UDS Service 0x19 with subfunction 0x05 allows an external tester to request Freeze-
Frame information for a specific FreezeFrame record number. The service request
contains parameter:
• DTCStoredDataRecordNumber
Due to Dem limitation, the diagnostic service $19 05 is limited to the OBD legislative
freeze frame.
[SWS_Dcm_00632] d On reception of service 0x19 with subfunction 0x05, if the record
number of the diagnostic request is different from 0x00, the Dcm module shall send a
negative response with NRC 0x31 (request out of range). c()
subfunction 0x05 and DTCStoredDataRecordNumber is 0x00, the Dcm module shall
use the data in the response message according to Table 7.19. c()
DTCStoredDataRecordNumber DTCStoredDataRecordNumber from request (0x00)
DTCAndStatusRecord DTC according to [SWS_Dcm_01193], statusOfDTC
according to [SWS_Dcm_00389]
DTCStoredDataRecordNumberOfIden- As defined in [SWS_Dcm_00388]
tifiers / DTCStoredDataRecord

Manager
[SWS_Dcm_00388] d When responding to UDS Service 0x19 with subfunction 0x05

and DTCStoredDataRecordNumber is 0x00, the Dcm shall compose the OBD Freeze-
frame by looping all DcmDspPid and collecting all DcmDspPidData which are con-
figured for service 0x02 by calling Dem_DcmReadDataOfOBDFreezeFrame() for the
Data Element. The Dcm shall compose the DidId by adding 0xF400 to the Pid, and
calculate padding and supported informations. c(SRS_Diag_04058)
tion 0x05 and DTCStoredDataRecordNumber is 0x00, the Dcm shall call
Dem_DcmGetDTCOfOBDFreezeFrame() with FrameNumber 0x00 and DTCFormat
DEM_DTC_FORMAT_UDS to retrieve the DTC of the provided FreezeFrame. c()
[SWS_Dcm_00389] d When responding to UDS Service 0x19 with subfunction 0x05
and DTCStoredDataRecordNumber is 0x00, the Dcm module shall obtain the status of
the DTC by first calling Dem_SelectDTC() with the following parameters:
• DTC: DTC as defined in [SWS_Dcm_00388]
and then Dem_GetStatusOfDTC() with the following parameter:
c(SRS_Diag_04058)
7.5.2.5.9 Subfunctions 0x0B, 0x0C, 0x0D and 0x0E
An external test tool can request the first occurred or most recent failed or confirmed
DTC and associated status, by sending the UDS Service request 0x19 including one of
the following sub-functions 0x0B, 0x0C, 0x0D, 0x0E
subfunction 0x0B, 0x0C, 0x0D or 0x0E, the Dcm module shall use the data in the re-
sponse message according to Table 7.20.c()
DTCAndStatusRecord The DTC is obtained according to [SWS_Dcm_00466], the
StatusOfDtc is obtained according to [SWS_Dcm_00393]
Table 7.20: Subfunctions 0x0B, 0x0C, 0x0D and 0x0E response values
[SWS_Dcm_00393] d For the purpose of responding to UDS Service 0x19 with sub-
functions 0x0B, 0x0C, 0x0D or 0x0E, the Dcm module shall obtain the StatusOfDtc by
calling Dem_GetStatusOfDTC() with the following parameter values:
• ClientId :Client Id for this Dcm instance (see DcmDemClientRef

Manager
• DTC: the DTC value as defined in [SWS_Dcm_00466]

c(SRS_Diag_04058)
[SWS_Dcm_00466] d For the purpose of responding to UDS Service 0x19 with
subfunctions 0x0B, 0x0C, 0x0D or 0x0E, the Dcm shall obtain the DTC with
Dem_GetDTCByOccurrenceTime() using the parameter values according to Table
7.21.c()
reportFirstTest reportFirst reportMost reportMost
FailedDTC ConfirmedDTC RecentTest Recent
FailedDTC ConfirmedDTC
0x0B 0x0C 0x0D 0x0E
ClientId Client Id for this Client Id for this Client Id for this Client Id for this
Dcm instance Dcm instance Dcm instance Dcm instance
(see DcmDem- (see DcmDem- (see DcmDem- (see DcmDem-
ClientRef) ClientRef) ClientRef) ClientRef)
DTCRequest DEM_FIRST_ DEM_FIRST_ DEM_MOST_ DEM_MOST_
FAILED_DTC DET_ RECENT_ REC_DET_
CONFIRMED_ FAILED_DTC CONFIRMED_
DTC DTC
Table 7.21: Dem_GetDTCByOccurrenceTime() parameters values for subfunctions 0x0B,

0x0C, 0x0D and 0x0E
[SWS_Dcm_00766] d If the Dcm received DEM_NO_SUCH_ELEMENT by calling

Dem_GetDTCByOccurrenceTime it shall reply with a positive response and empty DT-
CAndStatusRecord. c()
An external test tool may request an ECU to report the FaultDetectionCounter for all
DTCs with a "Prefailed" status, by sending a UDS Service request 0x19 with subfunction
0x14.
DTC The DTC is obtained according from the call to
Dem_GetNextFilteredDTCAndFDC()
DTCFaultDetectionCounter The DTCFaultDetectionCounter is obtained according
from the call to Dem_GetNextFilteredDTCAndFDC()

Manager
[SWS_Dcm_00465] d When responding to UDS Service 0x19 with subfunctions 0x14,

the Dcm module shall obtain the DTCFaultCounter of every DTCs with status "prefailed"
by repeatedly calling Dem_GetNextFilteredDTCAndFDC() after having configured the
filter with Dem_SetDTCFilter() using the parameter values according to Table 7.23.c
(SRS_Diag_04058)
DTCStatusMask 0x00
DTCOrigin PRIMARY_MEMORY
FilterWithSeverity NO
DTCSeverityMask Not relevant
FilterForFaultDetectionCounter YES
Table 7.23: Dem_GetNextFilteredDTCAndFDC() parameters values for subfunctions 0x14
[SWS_Dcm_00681] d The Dcm module shall obtain the number of records

that will be found using Dem_GetNextFilteredDTCAndFDC() by using
Dem_GetNumberOfFilteredDTC(). c()
[SWS_Dcm_00519] d The calls to Dem_SetDTCFilter() with parameter FilterForFault-
DetectionCounter set to YES shall be done in the context of the Dcm_MainFunction
c()
This allows the implementation to calculate the total size of the response before cycling
through the DTCs.
implementation of this subservice.
[SWS_Dcm_01232] d If Dem_GetNextFilteredDTCAndFDC() returns
c()
[SWS_Dcm_01233] d If Dem_GetNextFilteredDTCAndFDC() returns
fore, the Dcm shall send a positive response only for service and subservice. c
()
UDS Service 0x19 with subfunction 0x42 requests WWH OBD DTCs matching a DTC
status mask a severity mask record. The service request contains the following pa-
rameters:

Manager
• FunctionalGroupIdentifier
• DTCSeverityMask
• DTCStatusMask
[SWS_Dcm_01128] d The Dcm shall reject request messages for subFunction 0x42
with FunctionalGroupIdentifier unequal to 0x33 by returning NRC 0x31 (requestOut-
OfRange) c()
FunctionalGroupIdentifier 0x33
DTCStatusAvailabilityMask Dem_GetDTCStatusAvailabilityMask (see
[SWS_Dcm_00007] )
DTCSeverityAvailabilityMask Dem_GetDTCSeverityAvailabilityMask (see
[SWS_Dcm_01127])
DTCFormatIdentifier Dem_GetTranslationType (limited to values 0x04 and
0x02)
DTCAndSeverityRecord As defined in [SWS_Dcm_01130]

0x42, the Dcm module shall obtain the DTCAndSeverityRecords by repeatedly call-
ing Dem_GetNextFilteredDTCAndSeverity() after having configured the filter with
Dem_SetDTCFilter() using the parameter values according to Table 7.25.c()
DTCStatusMask DTCStatusMask from request (see [SWS_Dcm_00700])
DTCOrigin DEM_DTC_ORIGIN_OBD_RELEVANT_MEMORY
FilterWithSeverity YES
DTCSeverityMask DTCSeverityMask from request
Table 7.25: Dem_GetNextFilteredDTCAndSeverity() parameters values for subfunctions

0x42
[SWS_Dcm_01131] d The return values of Dem_GetNextFilteredDTCAndSeverity

shall be filled according to Table 7.26. c()
DTCSeverity DTCSeverity
DTCHighByte (MSB) DTC (high byte)
DTCMiddleByte DTC (middle byte)
DTCLowByte DTC (low byte)
statusOfDTC DTCStatus

Manager
Table 7.26: Dem_GetNextFilteredDTCAndSeverity return values
Note: The Dcm module can get an indication of the number of records
that will be found using Dem_GetNextFilteredDTCAndSeverity() by using
Dem_GetNumberOfFilteredDTC().
With UDS Service 0x19 with sub-function 0x55 a client can retrieve a list of WWH-OBD
DTCs with the "permanent DTC" status. The service request contains the following
parameter:
• FunctionalGroupIdentifier
[SWS_Dcm_01343] d The Dcm shall only process request messages for sub-function
0x55 with FunctionalGroupIdentifier equal to 0x33. c()
[SWS_Dcm_01344] d The Dcm shall reject request messages for sub-function 0x55
with FunctionalGroupIdentifier unequal to 0x33 by returning NRC 0x31 (RequestOut-
OfRange). c()
sub-function 0x55, the Dcm module shall use the following data in the response mes-
sage according to Table 7.27. c()
FunctionalGroupIdentifier 0x33
DTCStatusAvailabilityMask Dem_GetDTCStatusAvailabilityMask (see
[SWS_Dcm_00007] )
DTCFormatIdentifier Dem_GetTranslationType (limited to values 0x04 and
0x02)
DTCAndStatusRecord As returned by Dem_GetNextFilteredDTC()
Note : When responding to UDS Service 0x19 with sub-function 0x55, the
Dcm module could obtain the DTCAndStatusRecords by repeatedly calling
Dem_GetNextFilteredDTC() after having configured the filter with Dem_SetDTCFilter()
using the parameter values according to Table 7.28.
ClientId See DcmDemClientRef
DTCStatusMask 0x00
DTCOrigin DEM_DTC_ORIGIN_PERMANENT_MEMORY
FilterWithSeverity NO
DTCSeverityMask Not relevant

Manager
Table 7.28: Dem_GetNextFilteredDTCAndSeverity() parameters values for subfunctions

0x42
The Dcm module can get an indication of the number of records that will be found using
Dem_GetNextFilteredDTC() by using Dem_GetNumberOfFilteredDTC().
[SWS_Dcm_01346] d When responding to UDS Service 0x19 with sub-function
0x55 and Dem_GetTranslationType returns a Dem_DTCTranslationFormatType
different to 0x02 (DEM_DTC_TRANSLATION_SAEJ1939_73) or 0x04
(DEM_DTC_TRANSLATION_J2012DA_FORMAT_04), the Dcm module shall re-
turn NRC 0x10 (generalReject). c()
7.5.2.6 Service 0x22 - ReadDataByIdentifier
[SWS_Dcm_00253] d The Dcm module shall implement the UDS Service ReadDataByI-
dentifier (0x22) c()
[SWS_Dcm_01335] d On reception of the UDS Service ReadDataByIdentifier (0x22), if
the number of requested DID exceeds the configured maximum number of data identi-
fiers (refer to configuration parameter DcmDspMaxDidToRead), the Dcm module shall
send NRC 0x13 (Incorrect message length or invalid format) c()
With UDS Service 0x22, the tester can request the value of one or more DIDs.
[SWS_Dcm_01548] d On reception of the UDS Service ReadDataByIdentifier (0x22),
the Dcm shall check if the access to all requested DIDs outside the range 0xF200-
0xF8FF is authenticated and read the data identifiers only if:
• a DcmDspDidReadRole is configured for that DID and the verification according
to [SWS_Dcm_01522] was successful or
• the active white list on that connection has for each requested DID one entry with
read access that matches that DID.
c()
the Dcm shall check for all requested DIDs inside the range 0xF200-0xF3FF if the
content is based of DIDs or parts of DIDs that are authenticated and read the data
identifiers only if:
• a DcmDspDidReadRole is configured for those DIDs and the verification accord-
ing to [SWS_Dcm_01522] was successful or
read access that matches those DIDs.
c()

Manager

[SWS_Dcm_00438] d On reception of the UDS Service ReadDataByIdentifier (0x22)
, for every requested DID the Dcm module shall check if the DID is supported (see
configuration parameter DcmDspDid and DcmDspDidRange) If none of the requested
DIDs is supported, the Dcm module shall send NRC 0x31 (Request out of range). c()
with DID in the range 0xF200 to 0xF3FF, the Dcm module shall check if the DID can be
dynamically defined (the DcmDspDidInfo it references has the DcmDspDidDynami-
callyDefined set to true). If yes, if this DID has not been dynamically defined yet by
calls to the DynamicallyDefineDataIdentifier (0x2C) service, i.e. it has no data sources
defined, the Dcm module shall send NRC 0x31 (Requestout of range) c()
with DID in the range 0xF200 to 0xF3FF, if verification has been successfully done (see
[SWS_Dcm_00651]) and the dynamic DID has been defined with a DID source (see
[SWS_Dcm_00646]), the Dcm module shall use the configuration of this DID source to
read the data. c()
with DID in the range 0xF200 to 0xF3FF, if verification has been successfully done
(see [SWS_Dcm_00651]) and the dynamic DID has been defined with a DID source
(see [SWS_Dcm_00646]), the Dcm module shall do the session, security and mode
dependencies checks for all source DIDs in case the configuration parameter DcmD-
spDDDIDcheckPerSourceDID is set to TRUE. c()
[SWS_Dcm_00865] d In case the configuration parameter DcmDspDDDIDcheckPer-
SourceDID is set to FALSE, there is no session, security or mode dependencies check
for the source DIDs. c()
Note: In case there is a need to validate the session or security dependencies always,
the DDDID should be cleared by any security and session transitions.
with DID in the range 0xF200 to 0xF3FF, if verification has been successfully done (see
[SWS_Dcm_00651]) and the dynamic DID has been defined with a memory address
(see [SWS_Dcm_00646]), the Dcm module shall use the callout Dcm_ReadMemory to
read the data. c()
[SWS_Dcm_00561] d If a DID is set as unused (DcmDspDidUsed set to FALSE), the
Dcm shall consider the DID as not supported (according to [SWS_Dcm_00438]) c()
for every requested DID the Dcm module shall check if the DID has a Read access con-
figured (see configuration parameter DcmDspDidRead in DcmDspDidInfo). If none
of the DID has a Read access, the Dcm module shall send NRC 0x31 (Request out of
range). c()

Manager

for every requested DID the Dcm module shall check if the DID can be read in the
current session (see configuration parameter DcmDspDidReadSessionRef). If none
of the DID can be renden in the current session, the Dcm module shall send a NRC
0x31 (RequestOutOfRange). c()
for every requested DID the Dcm module shall check if the DID can be read in the cur-
rent security level (see configuration parameter DcmDspDidReadSecurityLevel-
Ref). If not, the Dcm module shall send NRC 0x33 (Security access denied). c()
for every requested DID the Dcm module shall check if the DID can be read in the
current mode condition (according to the configuration parameter DcmDspDidRead-
ModeRuleRef). If not, the Dcm module shall send the calculated negative response of
the referenced DcmModeRule. c()
[SWS_Dcm_00440] d If the requested DID references other DID using DcmDsp-
DidRef, the Dcm module shall process the verification and the reading of every ref-
erenced DID and concatenate the response data without any gaps based on the se-
quence in the configuration. c()
[SWS_Dcm_CONSTR_6023] DcmDspDidRef shall not reference the same DID ref-
erence twice d DcmDspDid container shall not include the same DcmDspDidRef
parameters more than once. c()
[SWS_Dcm_CONSTR_6057] Dependency for DcmDspDataEcuSignal d DcmD-
spDataEcuSignal shall be only present if DcmDspDataUsePort is set to
USE_ECU_SIGNAL. c()
[SWS_Dcm_CONSTR_6058] Dependency for DcmDspDataEndianness d In case
DcmDspDataEndianness is not configured, the DcmDspDataDefaultEndianness
shall be used instead. c()
[SWS_Dcm_CONSTR_6061] Dependency for DcmDspDataReadDataLengthFnc
d DcmDspDataReadDataLengthFnc shall be only present if:
• DcmDspDataUsePort is set to USE_DATA_SYNCH_FNC or
• DcmDspDataUsePort is set to USE_DATA_ASYNCH_FNC or
• DcmDspDataUsePort is set to USE_DATA_ASYNCH_FNC_ERROR
c()
[SWS_Dcm_CONSTR_6062] Dependency for DcmDspDataReadFnc d DcmDsp-
DataReadFnc shall be only present if:

Manager
c()
[SWS_Dcm_01385] d If the DID dataRecord has bytes, not defined by any data ele-
ment, the Dcm shall fill these bytes with the value 0x00. c()
[SWS_Dcm_01431] d If the configuration parameter DcmDspDidSize is configured,
the Dcm shall enforce the DID data to have the configured size. c()
7.5.2.6.1 UDS DID

for every requested DID outside the OBD range (F400-F8FF), after all verifica-
tion (see [SWS_Dcm_00433], [SWS_Dcm_00434] and [SWS_Dcm_00435]), If the
data is configured as a "ECU signal" of the IoHwAb (parameter DcmDspDataUse-
Port), the Dcm shall call the Api IoHwAb_Dcm_Read<EcuSignalName >() (param-
eter DcmDspDataReadEcuSignal) to get the Data. In this case, the requirements
[SWS_Dcm_00439], [SWS_Dcm_00436] and [SWS_Dcm_00437] shall not apply. c()
[SWS_Dcm_00439] d On reception of the UDS Service ReadDataByI-
dentifier (0x22), for every requested DID outside the OBD range (F400-
F8FF), the Dcm module shall request the application if the DID can be
read by calling the configured function (if parameter DcmDspDataUse-
Port set to USE_DATA_SYNCH_FNC or USE_DATA_ASYNCH_FNC or
USE_DATA_ASYNCH_FNC_ERROR; see configuration parameter DcmDspData-
ConditionCheckReadFnc) on each data of the DID or call the associated
ConditionCheckRead operation (if parameter DcmDspDataUsePort set to
USE_DATA_SYNCH_CLIENT_SERVER or USE_DATA_ASYNCH_CLIENT_SERVER
or USE_DATA_ASYNCH_CLIENT_SERVER_ERROR). If not (one function returns
E_NOT_OK) , the Dcm module shall send a negative response with NRC set to value
from the parameter "ErrorCode" of DcmDspDataConditionCheckReadFnc function
or ConditionCheckRead operation. c()
for every requested DID outside the OBD range (F400-F8FF), the Dcm module shall
for each signal (DcmDspDidSignal) with a dynamic data length (DcmDspDataType
is set to UINT8_DYN): call either the configured function DcmDspDataRead-
DataLengthFnc (if parameter DcmDspDataUsePort set to USE_DATA_SYNCH_FNC
or USE_DATA_ASYNCH_FNC or USE_DATA_ASYNCH_FNC_ERROR) or the as-
sociated ReadDataLength operation (if parameter DcmDspDataUsePort set to
USE_DATA_SYNCH_CLIENT_SERVER or USE_DATA_ASYNCH_CLIENT_SERVER or
USE_DATA_ASYNCH_CLIENT_SERVER_ERROR) to get the data length in byte. c()
[SWS_Dcm_00437] d After all verification (see [SWS_Dcm_00433],
[SWS_Dcm_00434], [SWS_Dcm_00435] and [SWS_Dcm_00436]) the
Dcm module shall get for every requested DID outside the OBD range
(F400-F8FF), all the data values by calling all the configured func-
tion (if parameter DcmDspDataUsePort set to USE_DATA_SYNCH_FNC

Manager
or USE_DATA_ASYNCH_FNC or USE_DATA_ASYNCH_FNC_ERROR; see

configuration parameter DcmDspDataReadFnc) or call all the associ-
ated ReadData operations (if parameter DcmDspDataUsePort set to
or USE_DATA_ASYNCH_CLIENT_SERVER_ERROR) or read all
the associated SenderReceiver interfaces (if parameter DcmD-
spDataUsePort set to USE_DATA_SENDER_RECEIVER or to
USE_DATA_SENDER_RECEIVER_AS_SERVICE). c()
[SWS_Dcm_01432] d After all verification (see [SWS_Dcm_00433],
[SWS_Dcm_00434], [SWS_Dcm_00435] and [SWS_Dcm_00436])
the Dcm module shall get for every requested DID with DcmDsp-
DidUsePort set to USE_ATOMIC_SENDER_RECEIVER_INTERFACE,
USE_ATOMIC_SENDER_RECEIVER_INTERFACE_AS_SERVICE or
USE_ATOMIC_NV_DATA_INTERFACE and outside the OBD range (F400-F8FF)
the data values by reading the associated sender-receiver or NvDataInterface
DataServices_DID. c()
[SWS_Dcm_00560] d If the data is configured as a BlockId of the NvRam (parameter
DcmDspDataUsePort), the Dcm shall call the Api NvM_ReadBlock() with the BlockId
(parameter DcmDspDataBlockIdRef) c()
Note : For more information, refer to [15, SWS-NVRAMManager].
[SWS_Dcm_00638] d To serialize the required AUTOSAR data types (signed-
and unsigned integer) into the response message of ReadDataByIdentifier re-
sponses, the target endianness configured in DcmDspDataEndianness shall
be considered for DcmDspData elements having DcmDspDataUsePort set
to USE_DATA_SENDER_RECEIVER, USE_DATA_SENDER_RECEIVER_AS_SERVICE,
USE_ECU_SIGNAL. c()
[SWS_Dcm_CONSTR_6070] Dependency for DcmDspDataEndianness d In case
DcmDspDataEndianness is not present, the DcmDspDataDefaultEndianness
shall be used instead. c()
7.5.2.6.2 OBD DID

for every requested DID inside the OBD range (F400-F4FF), the Dcm module
shall get the DID value as defined for OBD Service $01 (see [SWS_Dcm_00407],
[SWS_Dcm_00408], [SWS_Dcm_00943], [SWS_Dcm_00621], [SWS_Dcm_00622],
[SWS_Dcm_00623], [SWS_Dcm_00944] and [SWS_Dcm_00718] ), if DcmDspEn-
ableObdMirror is set to true. c()
for every requested DID inside the OBD Monitor range (F600-F6FF), the Dcm mod-
ule shall get the DID value as defined for OBD Service $06 (see [SWS_Dcm_00957],
[SWS_Dcm_00958], [SWS_Dcm_00945] and [SWS_Dcm_00956]) c()

Manager

for every requested DID inside the OBD InfoType range (F800-F8FF), the Dcm mod-
ule shall get the DID value as defined for OBD Service $09 (see [SWS_Dcm_00422],
[SWS_Dcm_00423] and [SWS_Dcm_00949] without including the number of data
items within the response, if DcmDspEnableObdMirror is set to true. c()
[SWS_Dcm_01195] d If DcmDspEnableObdMirror is set to true, an explicitly config-
ured DID inside the OBD range (F400-F4FF) and the OBD InfoType range (F800-F8FF)
shall use the UDS interface. c()
[SWS_Dcm_01197] d If DcmDspEnableObdMirror is set to FALSE, all requests
within the OBD DID range shall use the UDS interface. c()
If DcmDspEnableObdMirror is set to FALSE ([SWS_Dcm_01197]) or the DID is ex-
plicitly configured inside the OBD PID range (F400-F4FF) ([SWS_Dcm_01195]), the
access to the OBD data shall be given in the following way:
[SWS_Dcm_01379] d On reception of an UDS Service ReadDataByIdentifier (0x22)
request with only ”availability OBDDataIdentifier” as parameter, the Dcm shall respond
with the corresponding supported (=configured) DIDs in the OBD range (F400-F4FF). c
()
request with only OBDDataIdentifier that are not ”availability OBDDataIdentifier”, the
Dcm shall obtain the current value of these OBDDataIdentifier by invoking the con-
figured Xxx_ReadData() functions for every data of the OBDDataIdentifier and shall
return these values as response to Service 0x22. c()
request with a mixture of ”availability OBDDataIdentifier” and not ”availability OBD-
DataIdentifier”, this request shall be ignored by the Dcm. c()
[SWS_Dcm_01382] d If an OBDDataIdentifier contains support information (presence
of DcmDspDidDataSupportInfo container), the Dcm shall add the support informa-
tion in the diagnostic response. c()
[SWS_Dcm_01383] d If an OBDDataIdentifier contains support information (presence
of DcmDspDidDataSupportInfo container), the Dcm shall calculate the support in-
formation value according to the available data for this DID: for every DcmDspData
container existing for this DID, the associated support information bits, referenced in
DcmDspDidDataSupportInfo, shall be set to one. c()
[SWS_Dcm_01384] d When responding to UDS Service ReadDataByIdentifier (0x22)
with OBDDataIdentifier, the Dcm shall put fill-bytes between DcmDspData in the OBD-
DataIdentifier whenever content bytes are missing, in order to fit to the DID size (see
configuration parameter DcmDspDidSize). c()
[SWS_Dcm_01386] d To serialize the required AUTOSAR data types (signed
and unsigned integer) into the response message of ReadDataByIdenti-
fier (0x22) OBDDataIdentifier responses the target endianness configured

Manager
in DcmDspDataEndianness shall be considered for DcmDspData ele-

ments having DcmDspDataUsePort set to {USE_DATA_SENDER_RECEIVER,
USE_DATA_SENDER_RECEIVER_AS_SERVICE, USE_ECU_SIGNAL}. In case DcmD-
spDataEndianness is not present, the DcmDspDataDefaultEndianness shall be
used instead. c()
If DcmDspEnableObdMirror is set to FALSE or the DID is explicitly configured inside
the OBD InfoType range (F800-F8FF), the access to the OBD data shall be given in the
following way:
request with one or more ”availability OBDInfoTypeDataIdentifier” as parameter, the
Dcm module shall respond with the corresponding supported (=configured) DIDs in the
OBD range (F800-F8FF). c()
request with ”availability OBDInfoTypeDataIdentifier” together with other OBDInfoType-
DataIdentifier as parameter, the Dcm module shall ignore the request. c()
request with an OBDInfoTypeDataIdentifier that is not an ”availability OBDInfoType-
DataIdentifier”, the Dcm module shall obtain the value of this OBDInfoTypeDataIdenti-
fier by invoking all the configured Xxx_ReadData() function for every data of this OBD-
InfoTypeDataIdentifier and shall return the value as response to Service 0x22. c()
7.5.2.7 Service 0x24 - ReadScalingDataByIdentifier
[SWS_Dcm_00258] d The Dcm module shall implement the UDS Service ReadScaling-
DataByIdentifier (0x24) c()
To obtain scaling information, the tester can invoke UDS Service 0x24 with the 2-byte
DID as parameter. The configuration of the Dcm contains for each configured DID:
• The 2-byte DID (see configuration parameter DcmDspDidIdentifier)
• For every data of the DID :
• The function GetScalingInformation (see configuration parameters DcmDsp-
DataGetScalingInfoFnc and DcmDspDataUsePort)
• The length of the ScalingInfo returned by the GetScalingInformation function (see
configuration parameter DcmDspDataScalingInfoSize)
[SWS_Dcm_00394] d On reception of a request for UDS Service ReadScalingByIden-
tifier, the Dcm module shall call every function Xxx_GetScalingInformation() configured
for everay data of the DID received in the request and return the data received in the
response c()
[SWS_Dcm_CONSTR_6060] Dependency for DcmDspDataGetScalingInfoFnc
d DcmDspDataGetScalingInfoFnc shall be only present if:

Manager

c()
7.5.2.8 Service 0x27 - SecurityAccess
[SWS_Dcm_00252] d The Dcm module shall implement the UDS Service SecurityAc-
cess (0x27) c(SRS_Diag_04005)
The purpose of this service is to provide a means to access data and/or diagnostic
services, which have restricted access for security, emissions, or safety reasons.
[SWS_Dcm_00321] d If the request length is correct, the DSP submodule shall check
if the requested subfunction value (access type) is configured in the ECU (see con-
figuration parameter DcmDspSecurityLevel). If the requested subfunction value is
not configured, the DSP submodule shall trigger a negative response with NRC 0x12
(SubFunction not supported). c()
[SWS_Dcm_00323] d If the requested subfunction value is configured and a service
with subfunction type "requestSeed "(= odd value) has been received and if the re-
quested access type is already active (see Dcm_GetSecurityLevel), the DSP sub-
module shall set the seed content to 0x00. c()
[SWS_Dcm_00324] d In the other case than the one described in [SWS_Dcm_00323]
(access type is not active or "send key" request), if DcmDspSecurityUsePort is
set to USE_ASYNCH_CLIENT_SERVER, the DSP submodule shall call the configured
operation Xxx_GetSeed() (in case "request seed" is received) or Xxx_CompareKey()
(in case "send key" is received). c()
[SWS_Dcm_00862] d On reception of the UDS Service SecurityAccess (0x27)
with subfunction type "requestSeed" and if the requested access type is not al-
ready active, the Dcm module shall request a seed by calling the configured
Xxx_GetSeed() function (if the configuration parameter DcmDspSecurityUsePort
is set to USE_ASYNCH_FNC, refer to configuration parameter DcmDspSecurityGet-
SeedFnc). c()
Note : If the static seed mechanism is used, the processing needs to be done by the
application implementing the Xxx_GetSeed() and Xxx_CompareKey() functions.
[SWS_Dcm_CONSTR_6077] Dependency for DcmDspSecurityGetSeedFnc d
DcmDspSecurityGetSeedFnc shall be present only if DcmDspSecurityUsePort
is set to USE_ASYNCH_FNC. c()
[SWS_Dcm_00863] d On reception of the UDS Service SecurityAccess (0x27) with
subfunction type "sendKey", if the requested access type is not already active and
if the "request seed" for the related access type was executed successfully, the

Manager
Dcm module shall request the result of a key comparison by calling the configured
Xxx_CompareKey() function (if the configuration parameter DcmDspSecurityUse-
Port is set to USE_ASYNCH_FNC, refer to configuration parameter DcmDspSecuri-
tyCompareKeyFnc). c()
[SWS_Dcm_CONSTR_6075] Dependency for DcmDspSecurityCompareKeyFnc
d DcmDspSecurityCompareKeyFnc shall be configured only if DcmDspSecuri-
tyUsePort is set to USE_ASYNCH_FNC. c()
The following list gives as an example, which errors can be detected by the security
access service and stored in the error code information:
• RequestSequenceError (NRC 0x24), when invalid access type is send at "send
key",
• RequiredTimeDelayNotExpired (NRC 0x37), when time delay is active (see con-
figuration parameter DcmDspSecurityDelayTime),
• ExceededNumberOfAttempts (NRC 0x36), when number of attempts to get secu-
rity access reaches or exceeds the configured limit (see configuration parameter
DcmDspSecurityNumAttDelay), and
• InvalidKey (NRC 0x35), when invalid key is send at "send key".
[SWS_Dcm_00325] d If the operation CompareKey() returns E_OK, the DSP submod-
ule shall set the new access type with DslInternal_SetSecurityLevel()(see the conver-
sion formula given in ECUC_Dcm_00754 DcmDspSecurityLevel). c()
[SWS_Dcm_01397] d If Xxx_CompareKey() returns value
DCM_E_COMPARE_KEY_FAILED and DcmDspSecurityNumAttDelay is con-
figured, the Dcm shall increment the attempt counter of the security level for which the
sendKey subfunction request failed. c(SRS_Diag_04005)
DCM_E_COMPARE_KEY_FAILED and if the number of failed attempts to enter
the requested security level (AttemptCounter) is less than the value configured for
the DcmDspSecurityNumAttDelay parameter of the requested security level, the
Dcm module shall send a negative response with NRC 0x35 (InvalidKey) and shall not
change the Dcm internal security level. Note: if DcmDspSecurityNumAttDelay
parameter is not configured, the number of failed attempts to enter the requested
security level (AttemptCounter) is not considered. c()
DCM_E_COMPARE_KEY_FAILED and if the number of failed attempts to enter
the requested security level (AttemptCounter) is greater or equal than the value con-
figured for the DcmDspSecurityNumAttDelay parameter of the requested security
level, the Dcm module shall start the SecurityDelayTimer with the value configured in
DcmDspSecurityDelayTime for the SecurityLevel which was requested in the failed
request, send a negative response with NRC 0x36 (exceededNumberOfAttempts) and
shall not change the Dcm internal security level. c()

Manager
[SWS_Dcm_01150] d If Xxx_CompareKey() returns value E_NOT_OK, the Dcm mod-

ule shall send a negative response with NRC code equal to the ErrorCode parameter
value and shall not increment the attempt counter or change the Dcm internal security
level. c()
[SWS_Dcm_01350] d While the SecurityDelayTimer of SecurityLevel is not yet
elapsed, the Dcm module shall send a negative response with NRC 0x37 (required-
TimeDelayNotExpired) on a SecurityAccess (0x27) requestSeed subfunction request
for that Security Level. c()
[SWS_Dcm_00659] d If Xxx_GetSeed() returns value E_NOT_OK, the Dcm module
shall send a negative response with NRC code equal to the ErrorCode parameter value.
c()
7.5.2.9 Service 0x28 - CommunicationControl
[SWS_Dcm_00511] d The Dcm module shall implement the CommunicationControl

(service 0x28) of the Unified Diagnostic Services. c()
[SWS_Dcm_00512] d On invocation of the sent confirmation function of the UDS Ser-
vice CommunicationControl (0x28) from DSD with the subnet parameter of the request
equal to 0x00, the Dcm shall do for each NetworkHandle (see DcmDspAllComMChan-
nelRef) which is configured in DcmDspComControlAllChannel:
1. trigger the mode switch Dcm_CommunicationControl_<Network> ModeDeclara-
tionGroupPrototype to the mode corresponding the communicationType and con-
trolType parameter from the CommunicationControl request.
2. call the Api BswM_Dcm_CommunicationMode_CurrentState with the parameters
NetworkHandleType and Dcm_CommunicationModeType corresponding to the
communicationType and controlType parameter from the CommunicationControl
request (see Dcm_CommunicationModeType definition).
c()
equal to 0x0F(CommunicationControl on the network which request is received on),
the Dcm shall do for the NetworkHandle (see DcmDslProtocolComMChannelRef) of
the current received DcmDslProtocolRxPduRef:
tionGroupPrototype to the mode corresponding to the communicationType and
controlType parameter from the CommunicationControl request.
request (see Dcm_CommunicationModeType definition)

Manager
c()
between 0x01 and 0x0E, the Dcm shall check if the received subnet parameter (see
DcmDspSubnetNumber) is supported. In case it is not supported a NegativeResponse
code 0x31 shall be sent. In case it is supported the Dcm shall do for the correspond-
ing NetworkHandle (see DcmDspSpecificComMChannelRef) of the received subnet
parameter (see DcmDspSubnetNumber):
2. call the Api BswM_Dcm_CommunicationMode_CurrentState the parameters Net-
workHandleType and with Dcm_CommunicationModeType corresponding the
request (see Dcm_CommunicationModeType definition)
c()
For some use-cases the Dcm may re-enable the CommunicationControl due to external
changed mode conditions:
[SWS_Dcm_00753] d In case that the referenced ModeRule (see ECUC_Dcm_00943)
is not fulfilled anymore for a NetworkHandle which is currently in a state other than
DCM_ENABLE_RX_TX_NORM_NM, the Dcm shall:
1. switch the mode group Dcm_CommunicationControl_<Network> ModeDeclara-
tionGroupPrototype toDCM_ENABLE_RX_TX_NORM_NM
2. call BswM_Dcm_CommunicationMode_CurrentState with the parameters Net-
workHandleType set to the corresponding NetworkHandle of the network and
RequestedCommunicationMode set to DCM_ENABLE_RX_TX_NORM_NM
c()
[SWS_Dcm_00860] d For a NetworkHandle which is currently in a state other than
DCM_ENABLE_RX_TX_NORM_NM if the Dcm is transitioning to default session or
upon any diagnostic session change where the new session does not support UDS
Service CommunicationControl anymore, the Dcm shall:
1. switch the mode group Dcm_CommunicationControl_<Network> ModeDeclara-
tionGroupPrototype to DCM_ENABLE_RX_TX_NORM_NM
2. call BswM_Dcm_CommunicationMode_CurrentState with the parameters Net-
workHandleType set to the corresponding NetworkHandle of the network and
RequestedCommunicationMode set to DCM_ENABLE_RX_TX_NORM_NM
c()

Manager
Note: the NetworkHandles to be considered are all ComM channels which are refer-
enced from either DcmDspSpecificComMChannelRef, DcmDspAllComMChannel-
Ref or DcmDspComControlSubNodeComMChannelRef.
[SWS_Dcm_01077] d If a CommunicationControl Request with the sub-function "en-
ableRxAndDisableTxWithEnhancedAddressInformation" is received, the Dcm shall
check the "nodeIdentification-Number" listed as DcmDspComControlSubNodeId and
for the referenced network (see DcmDspComControlSubNodeComMChannelRef ), it
shall do the followings:
The analogue controlType enableRxAndDisableTx shall be used with the the following
existing Dcm_CommunicationModeType values:
• DCM_ENABLE_RX_DISABLE_TX_NORM
• DCM_ENABLE_RX_DISABLE_TX_NM
• DCM_ENABLE_RX_DISABLE_TX_NORM_NM.
c()
[SWS_Dcm_01078] d The Dcm shall trigger a negative response with NRC 0x31
(RequestOutOfRange), if a CommunicationControl Request with the sub-function
"enableRxAndDisableTxWithEnhancedAddressInformation" and a "nodeIdentification-
Number" which is not listed as DcmDspComControlSubNodeId is received. c()
[SWS_Dcm_01079] d If a CommunicationControl Request with the sub-function "en-
ableRxAndTxWithEnhancedAddressInformation" is received, the Dcm shall check the
"nodeIdentification-Number" listed as DcmDspComControlSubNodeId and for the
referenced network (see DcmDspComControlSubNodeComMChannelRef ) it shall
do the followings:
The analogue controlType enableRxAndTx shall be used with this the following existing
Dcm_CommunicationType values :

Manager
• DCM_ENABLE_RX_TX_NORM
• DCM_ENABLE_RX_TX_NM
• DCM_ENABLE_RX_TX_NORM_NM.
c()
[SWS_Dcm_01080] d The Dcm shall trigger a negative response with NRC 0x31 (Re-
questOutOfRange), if a CommunicationControl Request with the sub-function "en-
ableRxAndTxWithEnhancedAddressInformation" and a "nodeIdentification-Number"
which is not listed as DcmDspComControlSubNodeId is received. c()
[SWS_Dcm_01081] d If DcmDspComControlSubNodeUsed is set to FALSE the sub-
system (DcmDspComControlSubNode) is not available in this configuration. c()
[SWS_Dcm_01082] d If DcmDspComControlSubNodeUsed is set to TRUE the sub-
system (DcmDspComControlSubNode) is available in this configuration. c()
Note : Condition checks (i.e. NRC 22 checks) on CommunicationType and NetworkType
as well as check of CommunicationType support (i.e. NRC 0x31 check for Communi-
cationType) are not directly supported by the Dcm. Supplier/manufacturer notifications
can be used.
7.5.2.10 Service 0x29 - Authentication
The UDS service Authentication (0x29) is used to provide dynamic means to control
the access to diagnostic services. Execution of certain diagnostic services might have
impact on safety, emissions or the vehicle. Controlling the access to diagnostic ser-
vices via certificates provide means to control the access to diagnostic services after
production. The access to these resources can be limited in time or bound to certain
vehicles or ECUs only. AUTOSAR Dcm provides an out of the box solution for authen-
ticated diagnostics with a given semantics of the UDS service Authentication. Even
ISO 14229-1 [x] leaves more freedom, the Dcm will use only the functionality specified
in this chapter. Further interpretations, certificate types or certificate content are out
of scope of the AUTOSAR Dcm module. At the point of time this specification was de-
veloped, only the DIS (Draft International Standard) of ISO 14299-1:2018 is available.
Unless the official international standard ISO 14299-1:2018 is released, AUTOSAR will
implement a solution based on this not public available draft.

Manager

InfotypeServices ServiceRequestNotification
SecurityAccess RoutineServices
«abswRequires» «abswRequires»
«abswRequires»
DataServices «abswRequires» CallbackDCMRequestServices
«abswRequires»
«abswRequires» RequestManufacturerNotification «abswRequires»

DataServices_DIDRange
SecurityAccess ServiceRequestSupplierNotification
RequestControlServic
DataServicesPIDRPort InfotypeServices RoutineServices
CallbackDCMRequestServices
«abswRequires»
Dcm «abswRequires»
DataServices_DIDRange
RequestControlServices
Dem
«realize» «optional»
Dem_DcmReadDataOfOBDFreezeFrame «realize»
Dcm_MainFunction
«realize»
Dcm_Init NvM
«realize»
«optional» NvM_WriteBlock
«optional»
IoHwAb
«realize»
IoHwAb_Dcm «realize» «realize» «mandatory»
BswM
BswM_Dcm_ApplicationUpdated
PduR_General Dcm_PduR Dcm_ComM ComM ComM_Dcm

BswM_Dcm_CommunicationMode_CurrentState «mandatory» «realize» «realize»
PduR ComM
Figure 7.9: Authentication
[SWS_Dcm_01559] d The Dcm shall implement the UDS service Authentication (0x29)
for sub-functions:
• deAuthenticate
• verifyCertificateUnidirectional
• verifyCertificateBidirectional
• proofOfOwnership
• authenticationConfiguration
c(SRS_Diag_04215)
Note: AUTOSAR Dcm only implements the authentication via PKI certificated ex-
change. Authentication with challenge-response (ACR) is out of scope of AUTOSAR.

Manager
If it is required it needs a full custom implementation using existing Dcm callouts for
custom service processing.
[SWS_Dcm_01551] d The Dcm shall follow the NRC handling as defined for ISO
14229-1:2018 for UDS service authentication. This includes the NRC codes as well
as the order of individual NRC checks. c(SRS_Diag_04215)
[SWS_Dcm_CONSTR_6091] d The presence of a DcmDsdService with DcmDsd-
SidTabServiceId set to 0x29, requires a configured container DcmDspAuthentication
on DcmDsp. c()
SidTabServiceId set to 0x29, requires a configured DcmDspAuthenticationConnection
per configured connection DcmDslConnection. c()
[SWS_Dcm_CONSTR_6093] d Each DcmDspAuthenticationConnection shall refer a
different DcmDslMainConnection by the reference in DcmDspAuthenticationConnec-
tionMainConnectionRef. c()
The Dcm is using the Csm and KeyM for certificate management. Parsing the certifi-
cate is a potential time-consuming operation and needs to be executed asynchronous.
There are opinions that security shall not reveal any cause of failed authentication and
thus have no dedicated NRCs for different certificate failures. To respect this use case
the Dcm provides a general security NRC handling.
[SWS_Dcm_01560] d If the mode referenced by DcmDspAuthenticationGeneralNRC-
ModeRuleRef evaluates to true, the Dcm shall send the NRC code given in DcmDspAu-
thenticationGeneralNRC instead of the specific NRC codes in all situation where a
Certificate verification failed - NRC is returned. c(SRS_Diag_04215)
[SWS_Dcm_CONSTR_6094] d If DcmDspAuthenticationGeneralNRCModeRuleRef is
configured the parameter DcmDspAuthenticationGeneralNRC shall also be configured.
c()
7.5.2.10.1 De-authentication
The de-authenticate sub-function shall be always available if service 0x29 is used. This
service set the authentication state to deauthenticated for the diagnostic connection the
request was received on.
SidTabServiceId set to 0x29, requires a DcmDsdSubService on this DcmDsdService
with DcmDsdSubServiceId set to deAuthenticate. c()
[SWS_Dcm_01561] d On reception of an Authentication (0x29) service with sub-
function equal to de-authenticate, the Dcm shall set the authentication state to deau-
thenticated on the connection the Dcm has received that request. c(SRS_Diag_04215)

Manager
[SWS_Dcm_01565] d On reception of an Authentication (0x29) service with sub-

function equal to de-Authenticate, the Dcm shall reply with a positive response
having the authenticationReturnParameter set to DeAuthentication successful. c
(SRS_Diag_04215)
7.5.2.10.2 Verify Certificates
[SWS_Dcm_01459] Supported communicationConfiguration d On reception of an

Authentication (0x29) service with sub-function equal to verifyCertificateUnidirectional
or verifyCertificateBidirectional, the Dcm shall reply with an NRC 0x31 (requestOut-
OfRange) if the communicationConfiguration (COCO) parameter has a value different
than 0x00. c()
The support of a COCO with constant value of 0x00 implies that no session key is
supported by the Dcm. Upon receiving an authentication request with sub-function ver-
ifyCertificateUniDirectional and the communicationConfiguration (COCO) set to 0x00,
the Dcm starts to verify the certificate. This service is implemented on BSW level by in-
tention, to reduce the possible dialects of service 0x29 to what is natively supported by
AUTOSAR. The Csm [16] and KeyM [17] modules allow to use different cryptographic
methods. It is part of the Dcm strategy to explicitly require that certificates and all kind
of access to information inside are handled by the Csm and its configuration. This
allows to map different kind of certificates with different levels of security to the Dcm,
thus abstracting the certificate complexity from Dcm.
[SWS_Dcm_01460] Verify verifyCertificateUnidirectional message length check d
On reception of an Authentication (0x29) service with sub-function equal to verifyCer-
tificateUnidirectional, the Dcm shall verify that the message length fits to the size given
in the parameters lengthOfCertificateClient and return a NRC 0x13 if the size does not
match. c()
[SWS_Dcm_01461] Verify verifyCertificateBidirectional message length check d
On reception of an Authentication (0x29) service with sub-function equal to verifyCer-
tificateBidirectional, the Dcm shall verify that the message length fits to the size given
in the parameters lengthOfCertificateClient and lengthOfChallengeClient and return a
NRC 0x13 if the size does not match. The Dcm uses the lengthOfCertificateClient as
offset to calculate the position of lengthOfChallengeClient. c()
[SWS_Dcm_01462] Required configuration for bidirectional authentication d If
the sub-function verifyCertificateBidirectional is configured in the DsdServiceSubFunc-
tion for 0x29, the configuration parameters DcmDspAuthenticationECUCertifi-
cateRef and DcmDspAuthenticationECUCertificateKeyElementRef are re-
quired. c()
Store certificate in Csm
[SWS_Dcm_01463] Certificate validation d On reception of an Authentication (0x29)
service with sub-function equal to verifyCertificateUnidirectional or verifyCertificate-
Bidirectional, the Dcm shall use the KeyM API KeyM_SetCertificate to store the client

Manager
certificate from the service request within the KeyM module. The following parameter
values shall be used:
• CertificateId = DcmDspAuthenticationConnectionCertificateRef ->
KeyMCertificate.KeyMCertificateId
• certificateDataPtr.certData = Pointer to certificateClient from Request
• certificateDataPtr.certDataLength = lengthOfCertificateClient from Request
c()
Diagnostic certificate configuration is a task that is mainly executed in the Csm and
KeyM modules. The Dcm provides an abstraction from these modules and only keeps
symbolic references to containers that keep the information. Please take attention
while configuring the Csm and KeyM ’in spirit of Dcm certificates’.
[SWS_Dcm_01464] Invalid certificate size failure d If the API KeyM_SetCertificate
returns KEYM_E_SIZE_MISMATCH, the Dcm shall return the NRC 0x13 (incorrectMes-
sageLengthOrInvalidFormat). c()
[SWS_Dcm_01465] Behavior on busy crypto operation d If any of the Csm or KeyM
APIs called by the Dcm is returning CRYPTO_E_BUSY or KEYM_E_BUSY, the Dcm
shall return the NRC 0x21 (busyRepeat). c()
[SWS_Dcm_01466] Csm APIs returning failure code behavior d Throughout this
chapter the Csm or KeyM are used to process the authentication requests. These
APIs have return values for failures. Unless there is no dedicated requirement for a
given return value and if the return value is different to E_OK, the Dcm shall return a
NRC 0x10 ’GeneralReject’. c()
The cryptographic operations have potential long execution times and are called asyn-
chronously.
[SWS_Dcm_01467] Asynchronous certificate operation handling d For all asyn-
chronous Csm or KeyM operations, the Dcm shall wait until the callback has been
called, indicating a successful job termination. If the result (e.g. KeyM_ResultType) is
E_OK, the Dcm shall continue to process the 0x29 request, if the result is different to
E_OK, the Dcm shall skip the further processing and return a negative response with
NRC ’GeneralReject’. c()
Parse and Verify certificate in Csm
[SWS_Dcm_01468] Verifying client certificate d After the Dcm has set the certifi-
cate according to [SWS_Dcm_01463], the Dcm shall verify the certificate by calling
KeyM_VerifyCertificate with the following parameters:
• CertificateId = DcmDspAuthenticationConnectionCertificateRef ->
KeyMMCertificate.KeyMCertificateId
c()

Manager
[SWS_Dcm_01469] Behavior on failed certificate verification d After the Dcm has

verified a certificate and KeyM_ReturnType is set to KEYM_E_SIGNATURE_FAIL, the
Dcm shall send a negative response with NRC set to ’Certificate verification failed -
Invalid Signature’. c()
[SWS_Dcm_01470] Check certificate chain of trust d If the operation started in
[SWS_Dcm_01468] returns a result of KEYM_E_INVALID_CHAIN_OF_TRUST, the
Dcm shall refuse the client certificate and return a negative response with NRC ’Cer-
tificate verification failed - Invalid Chain of Trust’. c()
[SWS_Dcm_01471] Check certificate type d If the operation started in
[SWS_Dcm_01468] returns a result of KEYM_E_INVALID_TYPE, the Dcm shall refuse
the client certificate and return a negative response with NRC ’Certificate verification
failed - Invalid Type’. c()
[SWS_Dcm_01472] Check certificate format d If the operation started in
[SWS_Dcm_01468] returns a result of KEYM_E_INVALID_FORMAT, the Dcm shall
refuse the client certificate and return a negative response with NRC ’Certificate ver-
ification failed - Invalid Format’. c()
[SWS_Dcm_01468] returns a result of KEYM_E_INVALID_CONTENT, the Dcm shall
refuse the client certificate and return a negative response with NRC ’Certificate verifi-
cation failed - Invalid Content’. c()
[SWS_Dcm_01468] returns a result of KEYM_E_INVALID_SCOPE, the Dcm shall
refuse the client certificate and return a negative response with NRC ’Certificate ver-
ification failed - Invalid Scope’. c()
[SWS_Dcm_01468] returns a result of KEYM_E_CERTIFICATE_REVOKED, the Dcm
shall refuse the client certificate and return a negative response with NRC ’Certificate
verification failed - Invalid Certificate (revoked)’. c()
[SWS_Dcm_01476] Check certificate valid until d If the operation started in
[SWS_Dcm_01468] returns a result of KEYM_E_VALIDITY_PERIOD_FAIL, the Dcm
shall refuse the client certificate and return a negative response with NRC ’Certificate
verification failed - Invalid Time Period’. c()
Verify target identification
Certificates can have target constraints, such as limiting a certificate to a certain VIN
or ECU version number. This is realized by target identification blocks as elements of
the certificate. A target identification block is evaluated at runtime, only if all items are
fulfilled, the certificate is accepted by the Dcm. Each target identification element is
mapped to a compare value of a DcmModeCondition. A DcmModeRule combines
these conditions to one term that evaluates to true or false.

Manager
[SWS_Dcm_01490] Certificate acceptance by target identification d The Dcm shall

only accept certificates if the configured mode rule referenced by DcmDspAuthenti-
cationTargetIdentificationModeRuleRef is evaluated to true. c()
[SWS_Dcm_01491] Behavior on failed target identification d If the config-
ured mode rule referenced by DcmDspAuthenticationTargetIdentification-
ModeRuleRef is evaluated to fail, the Dcm shall refuse the certificate and send a neg-
ative response with NRC ’Certificate verification failed - Invalid Scope’. c()
[SWS_Dcm_01492] Invalid target identification block data d If the Dcm fails to match
the target identification block data from DcmModeConditionConnectionCertificateCom-
pareElementRef as valid (e.g. number of required bytes do not match), the Dcm shall
send a negative response with NRC ’Certificate verification failed - Invalid Format’. c()
Providing the server challenge
[SWS_Dcm_01493] Creating the server challenge d After successfully validating the
client certificate in [SWS_Dcm_01463], the Dcm shall create a server challenge by
using the Csm in the following sequence:
1) Call of Csm_RandomGenerate with parameters
a. jobId : DcmDspAuthenticationRandomJobRef -> CsmJobId
2) Wait until the asynchronous job has terminated according to [SWS_Dcm_01467].
c()
The API Csm_RandomGenerate requires an initialised random generator. The initial-
ization of the random generator is a task of the system (integrator).
[SWS_Dcm_01503] Sending positive response on verifyCertificateUniDirectional
d If the Dcm has successfully calculated server challenge the Dcm shall send a positive
response for the verifyCertificateUniDirectional request with the following parameter
values:
authenticationReturnParameter : ’Certificate verified, Ownership verification neces-
sary’
lengtfOfChallengeServer: length of the challenge generated in [SWS_Dcm_01493]
challengeServer: challenge generated in [SWS_Dcm_01493]
lengthOfEphemeralPublicKeyServer: 0x0000
c()
Processing a diagnostic request verifyCertificateBidirectional will furthermore require
the Dcm to send a server certificate and signing the client challenge. Therefore, the
following steps are done additionally for verifyCertificateBidirectional.
[SWS_Dcm_01504] Signing client challenge d On reception of an Authentication
(0x29) service with sub-function equal to verifyCertificateBidirectional, the Dcm shall
sign the received client challenge by calling Csm_SignatureGenerate with the following
parameter values:
jobId: DcmDspAuthenticationClientChallengeSignJobRef -> CsmJobId
mode: CRYPTO_OPERATIONMODE_SINGLECALL
dataPtr: Pointer to challengeClient in request
dataLength: lengthOfChallengeClient from request

Manager
resultPtr: Dcm sided buffer to store the proofOfOwnershipServer

resultLengthPtr: Response data for lengthOfProofOfOwnershipServer
c()
[SWS_Dcm_01505] Require asynchronous client challenge signing d DcmDspAu-
thenticationClientChallengeSignJobRef shall be only accepted if the refer-
enced CsmJob itself:
• references a CsmSignatureGenerateConfig with CsmSignatureGeneratePro-
cessing set to CSM_ASYNCHRONOUS.
• references a CsmPrimitive with an aggregated CsmSignatureGenerate
c()
[SWS_Dcm_01506] Providing the server certificate d On reception of an Au-
thentication (0x29) service with sub-function equal to verifyCertificateBidirectional,
the Dcm shall provide the server certificate in the response. The Dcm shall call
KeyM_GetCertificate with the following parameters:
certId: DcmDspAuthenticationECUCertificateRef/KeyMCertificateId
certificateDataPtr: Dcm implementation specific
c()
[SWS_Dcm_01507] Server certificate size check d If the API Csm_GetKeyElement
returns CRYPTO_E_SMALL_BUFFER, the Dcm shall return NRC 0x14 (responseToo-
Long). c()
[SWS_Dcm_01508] Sending positive response on verifyCertificateBidirectional d
If the Dcm has successfully calculated server challenge, the server challenge and the
server certificate, the Dcm shall send a positive response for the verifyCertificateBidi-
rectional request with the following parameter values:
authenticationReturnParameter: ’Certificate verified, Ownership verification neces-
sary’
lengtfOfChallengeServer: length of the challenge generated in [SWS_Dcm_01493]
challengeServer: challenge generated in [SWS_Dcm_01493]
lengthOfCertificateServer: length of the certificated provided in [SWS_Dcm_01506]
certificateServer: certificated provided in [SWS_Dcm_01506]
lengthOfProofOfOwnershipServer: length of proof-of-ownership server created in
[SWS_Dcm_01504]
proofOfOwnershipServer: proof-of-ownership server created in [SWS_Dcm_01504]
lengthOfEphemeralPublicKeyServer: 0x0000
c()
7.5.2.10.3 Proof of ownership client
[SWS_Dcm_01509] Sequence check d On reception of an Authentication (0x29) ser-

vice with sub-function equal to proofOfOwnership and if on this connection the most
recent processed verifyCertificateUnidirectional or verifyCertificateBidirectional service

Manager
failed or no such sub-function was processed yet, the Dcm shall send the negative
response ’requestSequenceError’. The connection shall remain in de-authenticated
state. c()
[SWS_Dcm_01510] Proof of ownership message length check d On reception of an
Authentication (0x29) service with sub-function equal to proofOfOwnership, the Dcm
shall verify that the message length fits to the size given in the parameters length-
OfProofOfOwnershipClient and lengthOfEphemeralPublicKeyClient and return a NRC
0x13 if the size does not match. c()
[SWS_Dcm_01511] Client proof of ownership verification d On reception of an
Authentication (0x29) service with sub-function equal to proofOfOwnership, the Dcm
shall verify the client’s proof of ownership data provide in the request by calling
Csm_SignatureVerify with the following in-parameters:
jobId: DcmDspAuthenticationVerifyProofOfOwnerShipClientJobRef ->
CsmJob.CsmJobId
mode: set to CRYPTO_OPERATIONMODE_SINGLECALL
dataPtr: challenge generated [SWS_Dcm_01493]
dataLength: length of the challenge generated in [SWS_Dcm_01493]
signaturePtr: proofOfOwnerShipClient from request
signatureLength: lengthOfProofOfOwnerShipClient from request
c()
[SWS_Dcm_01512] Failed ownership verification d If the result of
Csm_SignatureVerify from [SWS_Dcm_01511] is Crypto_VerifyResultType equal
to CRYPTO_E_VER_NOT_OK, the Dcm shall send a negative response with NRC
’Ownership verification failed’. c()
[SWS_Dcm_01513] SessionKey support d Upon sending a positive response for an
authentication request with sub-function equal to proofOfOwnership, the Dcm shall:
• set all bytes of lengthOfSessionKeyInfo to 0x00
• omit the sessionKeyInfo
c()
Set current role
[SWS_Dcm_01514] Update the current role d If the proof of ownership verification
in [SWS_Dcm_01511] was successful and resulted in CRYPTO_E_VER_OK, the Dcm
shall use the value read from the certificate extension DcmDspAuthentication-
RoleElementRef as new role for the current authenticated state. c()
[SWS_Dcm_01515] Role size check d If the size of the read role information in
[SWS_Dcm_01514] is different than the size in DcmDspAuthenticationRoleSize,
the Dcm shall send a negative response with NRC ’Certificate verification failed - Invalid
Content’. c()
Set white list

Manager
[SWS_Dcm_01516] Update the current whitelist d If the proof of ownership verifica-

tion in [SWS_Dcm_01511] was successful and resulted in CRYPTO_E_VER_OK, the
Dcm shall use the white list read from the certificate according to [SWS_Dcm_01517]
as new white list for the current authenticated state. c()
[SWS_Dcm_01517] White list access d To read the white list from a certificate,
the Dcm shall read all child elements from the referenced DcmDspAuthentica-
tionWhiteListServicesElementRef, DcmDspAuthenticationWhiteList-
DIDElementRef, DcmDspAuthenticationWhiteListRIDElementRef and
DcmDspAuthenticationWhiteListMemorySelectionElementRef certifi-
cate data, by repeating calling the sequence of KeyM_CertElementGetFirst and
KeyM_CertElementGetNext until no further child element is available. The Dcm shall
use the following in parameter values:
certId: DcmDspAuthenticationClientCertificateRef -> KeyMCertifi-
cate.KeyMCertificateId
certElementId: DcmDspAuthenticationWhiteListMemorySelectionElemen-
tRef -> KeyMCertificateElement.KeyMCertificateElementId
c()
[SWS_Dcm_01518] White list size check d If the size of the read white list infor-
mation in [SWS_Dcm_01516] is larger than the size in DcmDspAuthentication-
WhiteListMemorySelectionMaxSize, the Dcm shall send a negative response
with NRC ’Certificate verification failed - Invalid Content’. c()
[SWS_Dcm_CONSTR_6087] Required size for white lists d If any of the optional
DcmDspAuthenticationWhiteListMemorySelectionElementRef are config-
ured, the corresponding DcmDspAuthenticationWhiteListMemorySelection-
MaxSize shall be configured for that white list. c()
7.5.2.10.4 Definition and verification of roles
The roles transmitted inside the certificates are used to assign a tester on one con-
nection one or more roles. A single role itself is presented by a certain bit within the
bitfield representation of the role. Within the Dcm there is static role assignment to each
diagnostic service. A service can be executed if at least one role (bit) assigned to a
service matches a role (bit) in the certificate.
[SWS_Dcm_CONSTR_6088] Supported role sizes d The parameter DcmDspAu-
thenticationRoleSize defines the size in bytes used in both, certificates and ECU
internal static role configuration. All role parameters (e.g. DcmDspServiceRole) shall
have values that would fit in the amount of bytes given by DcmDspAuthentication-
RoleSize. c()
[SWS_Dcm_01521] Integer interpretation of roles in certificates d The Dcm shall
interpret all configured role integer values in the little endian format. c()
[SWS_Dcm_01522] Role verification d Upon each role verification, the Dcm shall
make a bitwise ’and’ operation on the role provided in the certificate for that connection

Manager
and the role assigned to the service. If the result is greater than 0, the Dcm shall treat
the service as allowed to be executed. c()
[SWS_Dcm_01523] Failed role verification d Upon each role verification, the Dcm
shall make a bitwise ’and’ operation on the role provided in the certificate for that con-
nection and the role assigned to the service. If the result is equal to 0, the Dcm shall
stop the processing of that service and send a negative response ’authenticationRe-
quired’. c()
An example of roles in certificates and services with assigned certificates is given in
Figure 7.10. The provided certificate uses 1 byte for roles, with 5 role definitions in.
The certificate will grant the tester rights for the roles ’AfterSales’ and ’ExtendedUser’.
With that certificate, the tester can execute the services that have the corresponding
permissions to be executed in that roles. In that example, the service 0x28 and 0x11
01 are both allowed to be executed. The routine with identifier 0x5678 is only allowed
to be executed in role ’production’, the Dcm will deny the execution with NRC ’authenti-
cationRequired’.
Figure 7.10: Example for roles
7.5.2.10.5 Definition and verification of white lists
Besides the use of roles, the certificates can get extended with optional white lists
for service execution. This allows the issuer of the certificate to extend the range of
allowed services without updating the access lists in the ECU.
The white list is build out of the following elements:
• List of allowed services, 1-4 byte each
• List of allowed data identifiers (DID) and access information, 3 byte each
• List of allowed routine identifiers (RID) and access information, 3 byte each
• List of allowed user defined fault memories, 1 byte each

Manager
Parsing and access to the different elements of the white lists is done by
invoking KeyM_CertElementGetFirst and KeyM_CertElementGetNext according to
[SWS_Dcm_01517].
[SWS_Dcm_01524] White list for services definition d The white list for services is
a set of values, each consisting of up to 4 bytes. Each value itself contains the first
bytes of a diagnostic service that is allowed be executed. c()
Example:
In the following example, a white list section within a certificate is shown. It contains 5
additional services that can be executed:
1 ...
2 SEQUENCE (1 elem)
3 SEQUENCE (2 elem)
4 OBJECT IDENTIFIER 3.9.3.345.3.1.3453.24.3.9.355.73
5 SET (6 elem)
6 OCTET STRING (1 byte) 85
7 OCTET STRING (2 byte) 1101
8 OCTET STRING (3 byte) 22123A
9 OCTET STRING (3 byte) 2E123A
10 OCTET STRING (4 byte) 310113F4
11 SEQUENCE (3 elem) ....
This will allow the Dcm to execute:
• Service 0x85 (with any sub-subfunction and DTCSettingControlOptionRecord

byte)
• Service 0x11 01
• Read and WriteDataByIdentifier for DID 0x123A
• Routine Start for RID 0x13F4
Checks for white lists for services are all done at DSD level. The Dcm checks if the first
bytes of a received diagnostic request match the values allowed by the white list. If a
white list entry exists where all bytes are matching the first bytes of the request, the
service is granted access.
For all other white lists, the Dcm performs the checks at DSP level in the corresponding
service processors.
Please note that it is possible to allow a DID execution in two places in the white list: 1)
as 3 byte service and 2) as DID in the DID list. The difference is that the service checks
only the first 3 bytes of the PDU and will not detect the DID being used in multiple DID or
dynamically defined DID requests, while the DID list element is verified in all services
requesting the DID.
[SWS_Dcm_01525] White list definition for DIDs d The white list for DIDs defines
the set of data identifiers that are allowed to be read, written and controlled. Each entry

Manager
shall contain in the first two bytes the DID number and in the third byte the following
access definitions:
• Bit 0: Read access
• Bit1: Write access
• Bit2: Control access (by InputOutputControlByIdentifier)
A bit value of 0 means that the operation is forbidden, a bit value of 1 means that the
operation is allowed. All not used bits (3-7) shall be set to zero.
DID numbers are always in big endian format (MSB first). c()
Example:
DID access record Grants access to

0x1A90 0x01 All read data by identifier operations for DID 0x1A90
0x314F 0x05 All read data by identifier and IOcontrol operations for DID
0x314F
DID read operations are performed from various UDS services. Dcm checks on each
DID read the access to that DID.
[SWS_Dcm_01526] White list definition for RIDs d The white list for RIDs defines
the set of routine identifiers that have access to the sub-functions startRoutine, sto-
pRoutine and requestRoutineResult. Each entry shall contain in the first two bytes the
RID number and in the third byte the following access definitions:
• Bit 0: Access to sub-function ’startRoutine’
• Bit1: Access to sub-function ’stopRoutine’
• Bit2: Access to sub-function ’requestRoutineResult’
A bit value of 0 means that the sub-function is forbidden, a bit value of 1 means that
the sub-function is allowed. All not used bits (3-7) shall be set to zero.
RID numbers are always in big endian format (MSB first). c()
Example:
RID access record Grants access to

0x0240 0x01 StartRoutine is allowed for RID 0x0240
0x028A 0x07 All routine sub-functions are allowed for RID 0x28A
[SWS_Dcm_01527] White list definition for MemorySelection d The white list mem-
ory selection is used for the UDS service 0x19 with sub-functions 0x17, 0x18 and 0x19.
The value in the white list defines the accepted parameter values for MemorySelection
in the UDS request. c()

Manager
Transition into authenticated session
[SWS_Dcm_01528] Transition into authenticated state d If the proof of

ownership verification in [SWS_Dcm_01511] was successful and resulted in
CRYPTO_E_VER_OK and after the role and white list setting was done,
the Dcm shall set the DcmAuthenticationState_Channel on that connection into
DCM_AUTHENTICATED. c()
[SWS_Dcm_01529] Successful ownership verification d If the result of
Csm_SignatureVerify from [SWS_Dcm_01511] is Crypto_VerifyResultType equal to
CRYPTO_E_VER_OK, the Dcm shall send a positive response with authentication-
ReturnParameter set to ’Ownership verified, Authentication complete’ and providing a
size of 0 for lengthOfSessionKeyInfo and no sessionKeyInfo. c()
[SWS_Dcm_01530] Persisting authentication state d If the result of
Csm_SignatureVerify from [SWS_Dcm_01511] is Crypto_VerifyResultType equal
to CRYPTO_E_VER_OK and the mode rule referenced by DcmDspAuthentica-
tionPersistStateModeRuleRef is evaluated to true, the Dcm shall persist the
authentication state, role and white list on that connection. c()
[SWS_Dcm_01531] Activation of role and white list d The DCM shall consider the
role and white list for access control only, if the DCM is in authenticated state. c()
[SWS_Dcm_01532] Re-entering authenticated state d If the Dcm is already in au-
thenticated state while a transition to authentication stated is requested according to
[SWS_Dcm_01529], the Dcm shall overwrite the roles and white list and use only the
role and white last from the last received certificate. c()
7.5.2.10.6 AuthenticationConfiguration
[SWS_Dcm_00852] d If the configuration parameter DcmSupportDTCSettingCon-

trolOptionRecord is set to false and the request contains any data after the sub-
function, the Dcm shall return NRC 0x13 (Incorrect message length or invalid format).
c()
[SWS_Dcm_01533] Providing the authentication configuration d If DcmDspAu-
thentication is configured and an Authentication (0x29) service with sub-
function equal to authenticationConfiguration is received, the Dcm shall send a posi-
tive response with authenticationReturnParameter set to ’AuthenticationConfiguration
APCE’. c()
7.5.2.11 Service 0x2A - ReadDataByPeriodicIdentifier
[SWS_Dcm_00254] d The DSP submodule shall implement the UDS Service Read-
DataByPeriodicIdentifier (0x2A) c(SRS_Diag_04215)

Manager
[SWS_Dcm_01093] d On reception of the UDS Service ReadDataByPeriodicIdentifier

(0x2A), the Dcm module shall check the request minimum length. If length of the re-
quest is wrong, the Dcm module shall send a NRC 0x13 (Incorrect message length or
invalid format). c(SRS_Diag_04215)
[SWS_Dcm_01552] d On reception of the UDS Service ReadDataByPeriodicIdenti-
fier (0x2A), the Dcm shall check if the access to all static defined requested DIDs is
authenticated and read the data identifiers periodically only if:
c(SRS_Diag_04215)
(0x2A), the Dcm shall check if the access to all dynamically defined requested DIDs
if the content is based of DIDs or parts of DIDs is authenticated and read the data
identifiers periodically only if:
c(SRS_Diag_04215)
(0x2A), for every requested periodicDIDs, the Dcm module shall check if the peri-
odicDID can be read in the current session (see configuration parameter DcmDsp-
DidReadSessionRef). If none of the periodicDID can be read in the current session,
the Dcm module shall send a NRC 0x31 (RequestOutOfRange). c(SRS_Diag_04215)
(0x2A), for every requested periodicDIDs, the Dcm module shall check if the periodic-
DID can be read in the current security level (see configuration parameter DcmDsp-
DidReadSecurityLevelRef). If not, the Dcm module shall send NRC 0x33 (Security
access denied). c(SRS_Diag_04215)
DID can be read in the current mode condition (see configuration parameter DcmDsp-
DidReadModeRuleRef). If not, the Dcm module shall send the calculated negative
response code of the reference DcmModeRule c(SRS_Diag_04215)

Manager
[SWS_Dcm_01097] d On reception of the UDS Service ReadDataByPeriodicI-

dentifier (0x2A), if verification has been successfully done ([SWS_Dcm_00721],
[SWS_Dcm_00722] and [SWS_Dcm_00820]), and if the request contains one or more
dynamically defined DID(s), the Dcm module shall do the session, security and mode
dependencies checks for all source data in case the configuration parameter DcmD-
spDDDIDcheckPerSourceDID is set to TRUE. c(SRS_Diag_04215)
(0x2A), for every requested periodicDIDs, the Dcm module shall invoke the Condi-
tionCheckRead operation (or the respective C-Function) if configured. In case of a
negative result, the returned ErrorCode shall be used as final negative response code.
c(SRS_Diag_04215)
(0x2A), for every requested periodicDIDs, with a configured dynamic length the Dcm
module shall invoke the ReadDataLength operation (or the respective C-Function) to
retrieve the length of the periodicDID. This length is valid for each ReadData operation
till the periodicDID is removed from the scheduler or updated via a new request. This
length shall further be used to check against the UUDT size. c(SRS_Diag_04215)
(0x2A) with transmissionMode different than stopSending, the Dcm shall do the verifi-
cation for session, security and mode rule. c(SRS_Diag_04215)
(0x2A) with transmissionMode = stopSending, the Dcm shall skip the verification for
security and mode rule. c(SRS_Diag_04215)
fier (0x2A) with transmissionMode = stopSending and no periodicDataIdentifier in
the request, the Dcm shall stop all scheduled periodicDataIdentifier transmissions. c
(SRS_Diag_04215)
(0x2A) with transmissionMode = stopSending and at least one periodicDataIdenti-
fier is in the request, the Dcm shall stop the scheduled periodic data transmissions
for all requested and in the current session supported periodicDataIdentifiers. c
(SRS_Diag_04215)
and unsigned integer) into the response message of ReadDataByPeriodicIden-
tifier responses the target endianness configured in DcmDspDataEndianness
shall be considered for DcmDspData elements having DcmDspDataUsePort set
to USE_DATA_SENDER_RECEIVER, USE_DATA_SENDER_RECEIVER_AS_SERVICE,
USE_ECU_SIGNAL. In case DcmDspDataEndianness is not present, the DcmDsp-
DataDefaultEndianness shall be used instead. c(SRS_Diag_04215)

Manager

(0x2A),the Dcm module shall check if the periodicDataIdentifiers requested in a sin-
gle request do not exceed the configured DcmDspMaxPeriodicDidToRead (max-
imum length check). Otherwise (in case the number of elements is exceeded) the
Dcm module shall send a NRC 0x13 (Incorrect message length or invalid format). c
(SRS_Diag_04215)
fier(0x2A), the Dcm module shall check if the transmissionMode is supported, otherwise
the Dcm module shall send a NRC 0x31(Request out of range). c(SRS_Diag_04215)
Note: With UDS Service ReadDataByPeriodicIdentifier (0x2A), the tester can start one
or more periodicDIDs.
Note: A request of UDS Service ReadDataByPeriodicIdentifier will contain DIDs repre-
sented by only one byte, the low byte of the configured DID. In all cases the complete
DID will be constructed by adding 0xF2 as high byte.
DID is supported (see configuration parameter DcmDspDid). If none of the periodic-
DIDs are supported, the Dcm module shall send NRC 0x31 (Request out of range). c
(SRS_Diag_04215)
Dcm shall consider the DID as not supported. c(SRS_Diag_04215)
fier(0x2A) with transmissionMode different than 0x04 "stopSending", the Dcm module
shall check if all requested periodicDataIdentifiers not currently in the periodic sched-
uler can be added to the scheduler considering the free space of the scheduler (max-
imum size is defined by configuration parameter DcmDspMaxPeriodicDidSched-
uler). Otherwise (in case the requested periodicDataIdentifiers can not be added
to the scheduler) the Dcm module shall send a NRC 0x31 (RequestOutOfRange). c
(SRS_Diag_04215)
Note : To optimize the resource consumption AUTOSAR has chosen a simplified ap-
proach to validate the request message. ISO recommends to check the size only for
currently supported dataIdentifers.
7.5.2.11.1 Scheduler PeriodicTransmission
Note: The periodic responses will only contain the DID and its data, and no Service
ID (no A_PCI byte).
[SWS_Dcm_01101] d All periodic responses (scheduled responses, not the initial re-
sponse) will use dedicated IF-PDU’s and transmission will be done through PduR. Each
time PduR_DcmTransmit is called the data pointer shall be valid. c(SRS_Diag_04215)

Manager
Note : Only UUDT messages (IF-PDUs) are supported

[SWS_Dcm_01102] d After triggering the transmission request to the PduR the corre-
sponding periodicDID counter shall be reloaded. c(SRS_Diag_04215)
[SWS_Dcm_01103] d The Dcm shall not trigger a transmission request to the PduR
unless the transmit confirmation for the previously transmitted periodic response is
received. c(SRS_Diag_04215)
[SWS_Dcm_01104] d In case of multiple configured UUDT messages, the Dcm shall
use always the same order of periodicDIDs per client. Transmission errors shall not
influence this order, the Dcm shall continue to retry the transmission. The Dcm shall
consider the priority inversion of message transmission as well. c(SRS_Diag_04215)
[SWS_Dcm_01105] d After the periodicDIDs are started, initial request was responded
positively, no negative response will be sent for those periodicDID’s (when periodically
triggered). c(SRS_Diag_04215)
[SWS_Dcm_01106] d Each time the counter of a periodicDataIdentifiers elapses, the
Dcm shall retrieve the data via the ReadData operation (or respective C-Function) with-
out validating the other conditions (i.e. session, security, mode dependencies, Condi-
tionCheckRead and ReadDataLength). c(SRS_Diag_04215)
[SWS_Dcm_01107] d When the diagnostic session changes to DefaultSes-
sion, any scheduled periodic DID shall be stopped (see [SWS_Dcm_01113],
[SWS_Dcm_01114], [SWS_Dcm_01115], [SWS_Dcm_01116], [SWS_Dcm_01117]
and [SWS_Dcm_01118]). c(SRS_Diag_04215)
[SWS_Dcm_01108] d When the diagnostic session changes to a non-defaultSession,
any scheduled periodic DID that was restricted by security access shall be
stopped (see [SWS_Dcm_01113], [SWS_Dcm_01114], [SWS_Dcm_01115],
[SWS_Dcm_01116], [SWS_Dcm_01117] and [SWS_Dcm_01118]). c
(SRS_Diag_04215)
[SWS_Dcm_01109] d When the diagnostic session changes to a non-defaultSession,
any scheduled periodic DID that is not supported in the new session shall be
stopped (see [SWS_Dcm_01113], [SWS_Dcm_01114], [SWS_Dcm_01115],
[SWS_Dcm_01116], [SWS_Dcm_01117] and [SWS_Dcm_01118]). c
(SRS_Diag_04215)
Note: The rate for a specific transmissionMode (DcmDspPeriodicTransmis-
sionSlowRate, DcmDspPeriodicTransmissionMediumRate, DcmDspPeriod-
icTransmissionFastRate) is defined as the time between any two consecutive
response messages with the same periodicDataIdentifier, when only a single period-
icDID is scheduled. If multiple periodicDIDs are scheduled concurrently, the effective
period between the same periodicDataIdentifier will vary based upon the following de-
sign parameters:
• The main function recurrence (see configuration parameter DcmTaskTime)
• The number of available periodic connections

Manager
• The number of periodicDIDs that can be scheduled concurrently (see configura-

tion parameter DcmDspMaxPeriodicDidScheduler).
[SWS_Dcm_01110] d On any security level change, the Dcm shall stop any sched-
uled periodic DID (see [SWS_Dcm_01113], [SWS_Dcm_01114], [SWS_Dcm_01115],
[SWS_Dcm_01116], [SWS_Dcm_01117] and [SWS_Dcm_01118]), that was restricted
by security access, but not supported by the new security level anymore. c
(SRS_Diag_04215)
[SWS_Dcm_01111] d On any Session change, the Dcm shall stop any scheduled pe-
riodic DDDID (see [SWS_Dcm_01114], [SWS_Dcm_01116], [SWS_Dcm_01117] and
[SWS_Dcm_01118]), that contains source data, not supported in the current session or
requires security access, in case the configuration parameter DcmDspDDDIDcheck-
PerSourceDID is set to TRUE c(SRS_Diag_04215)
[SWS_Dcm_01112] d On any security level change, the Dcm shall stop any scheduled
periodic DDDID (see [SWS_Dcm_01114], [SWS_Dcm_01116], [SWS_Dcm_01117]
and [SWS_Dcm_01118]), that contains source data, not supported in the current se-
curity level, in case the configuration parameter DcmDspDDDIDcheckPerSourceDID
is set to TRUE. c(SRS_Diag_04215)
[SWS_Dcm_01113] d On a static periodic DID stop event, the Dcm shall no longer
call the "ReadData" function of this DID’s data (i.e. periodic DID is removed from
scheduler). c(SRS_Diag_04215)
[SWS_Dcm_01114] d On a dynamically defined periodic DID stop event, the Dcm shall
no longer call any source data "ReadMemory" or "ReadData" function of the periodic
DDDID (i.e. periodic DDDID is removed from scheduler). c(SRS_Diag_04215)
[SWS_Dcm_01115] d On a static periodic DID stop event, after the asynchronous call
of its data service port has already been initiated (i.e. its "ReadData" port operation
already returned E_PENDING), the corresponding service port shall be immediately
aborted by signaling OpStatus=DCM_CANCEL. c(SRS_Diag_04215)
[SWS_Dcm_01116] d On a dynamically defined periodic DID stop event, after the
asynchronous call of its source data service port/callout has already been initiated (e.g.
a "ReadMemory" callout already returned DCM_READ_PENDING), the corresponding
service port/callout shall be immediately aborted by signaling OpStatus=DCM_CANCEL.
c(SRS_Diag_04215)
[SWS_Dcm_01117] d On a periodic DID stop event, all its data in a Dcm queue (waiting
to be transmitted) is cleared. c(SRS_Diag_04215)
[SWS_Dcm_01118] d On a periodic DID stop event, Dcm will NOT try to can-
cel any data transmission already initiated by the call of PduR_DcmTransmit. c
(SRS_Diag_04215)

Manager
7.5.2.12 Service 0x2C - DynamicallyDefineDataIdentifier
[SWS_Dcm_00259] d The DSP submodule shall implement the DynamicallyDefine-

DataIdentifier (service 0x2C, diagnostic data access) of the Unified Diagnostic Ser-
vices. c()
The DynamicallyDefineDataIdentifier service is implemented internally in Dcm module.
[SWS_Dcm_00866] d If DcmDDDIDStorage configuration parameter is set to FALSE,
the Dcm shall initialize all DDDIDs as not present at power-up Dcm_Init). c()
[SWS_Dcm_00867] d If DcmDDDIDStorage configuration parameter is set to TRUE,
the Dcm shall restore the DDDID definition from NvM at power-up Dcm_Init). c()
[SWS_Dcm_00868] d If DcmDDDIDStorage configuration parameter is set to
TRUE, the Dcm shall trigger the storage of the DDDID definition to NvRam (via
NvM_SetRamBlockStatus). c()
[SWS_Dcm_00646] d On reception of service DynamicallyDefineDataIdentifier with
subservice defineByIdentifier or defineByMemoryAddress, the Dcm module shall con-
figure this new DID with associated information receive from the diagnostic request:
Memory address and memory length or DID source, position and size. c()
[SWS_Dcm_00861] d On reception of the UDS Service DynamicallyDefineDataIdenti-
fier (0x2C), the Dcm module shall check if the DDDID will not exceed the configured
parameter value DcmDspDDDIDMaxElements. Otherwise (in case the number of ele-
ments will be exceeded) the Dcm module shall send a NRC 0x31 (RequestOutOfRange).
c()
[SWS_Dcm_00854] d On reception of the UDS Service DynamicallyDefineDataIden-
tifier (0x2C) with subservice defineByMemoryAddress, the Dcm shall check if the re-
quested AddressAndLengthFormatIdentifier is supported (refer to configura-
tion parameter DcmDspSupportedAddressAndLengthFormatIdentifier), Oth-
erwise the NRC 0x31 (requestOutOfRange) shall be responded. In case the container
AddressAndLengthFormatIdentifier is not present, the Dcm shall accept all
possible AddressAndLengthFormatIdentifiers. c()
[SWS_Dcm_00647] d On reception of service DynamicallyDefineDataIdentifier with
subservice clearDynamicallyDefinedDataIdentifier, the Dcm module shall remove the
configuration of this DID. c()
tifier (0x2C),the Dcm module shall check if the DDDID can be defined in the current
session (see configuration parameter DcmDspDidReadSessionRef). If not, the Dcm
module shall send a NRC 0x31 (RequestOutOfRange). c()
tifier (0x2C), the Dcm module shall check if the DDDID can be defined in the current
security level (see configuration parameter DcmDspDidReadSecurityLevelRef). If
not, the Dcm module shall send NRC 0x33 (Security access denied). c()

Manager

fier (0x2C), the Dcm module shall check if the requested Source-DIDs are supported in
the current session (see configuration parameter of referenced DID DcmDspDidRead-
SessionRef)). If not, the Dcm module shall send a NRC 0x31 (RequestOutOfRange).
c()
tifier (0x2C), the Dcm module shall check if the requested Source-DID or the mem-
oryRange are supported in the current security level (see configuration parameter
of referenced DID DcmDspDidReadSecurityLevelRef or memoryRange DcmD-
spReadMemoryRangeSecurityLevelRef). If not, the Dcm module shall send a NRC 0x33
(Security access denied). c()
tifier (0x2C), the Dcm module shall check if the requested Source-DID or the mem-
oryRange are supported in the current mode condition (see configuration parameter
of referenced DID DcmDspDidReadModeRuleRef or memoryRange DcmDspRead-
MemoryRangeModeRuleRef). If not, the Dcm module shall send the calculated nega-
tive response code of the referenced DcmModeRule. c()
In case of memory address(es), on reception of ReadDataByIdentifier or Read-
DataByPeriodicIdentifier request for a dynamically defined DID, the Dcm will use the
callout Dcm_ReadMemory for all contained memory addresses to access the data.
fier (0x2C), if the request message contains different MemoryIdValue compare to the
configured values in DcmDspMemoryIdInfo container, the Dcm shall send a NRC 0x31
In case of DID source(s), on reception of ReadDataByIdentifier or ReadDataByPeriod-
icIdentifier request for a dynamically defined DID, the Dcm will use the configuration of
the contained DIDs to read the data.
7.5.2.13 Service 0x2E - WriteDataByIdentifier
[SWS_Dcm_00255] d The Dcm module shall implement the UDS Service WriteDataByI-
dentifier (0x2E) of the Unified Diagnostic Services. c()
When using Service 0x2E, the request of the tester contains a 2-byte DID and a
dataRecord with the data to be written. The configuration of the Dcm contains a list
of supported DIDs and defines for each configured DID:
• The 2-byte DID (see configuration parameter DcmDspDidIdentifier)
• For every data of the DID:
– The function WriteData to be used for this data (see configuration parame-
ters DcmDspDataWriteFnc and DcmDspDataUsePort)

Manager
[SWS_Dcm_01496] d On reception of the UDS Service WriteDataByIdentifier (0x2E),

the Dcm shall check if the write access to the requested DID is authenticated and write
the data identifier only if:
• a DcmDspDidWriteRole is configured for that DID and the verification according
• the active white list on that connection has for the requested DID one entry with
write access that matches that DID.
c()
the Dcm module shall check if the DID is supported (see configuration parameter
DcmDspDid and DcmDspDidRange) If not, the Dcm module shall send NRC 0x31 (Re-
quest out of range) . c()
Dcm shall consider the DID as not supported (according to [SWS_Dcm_00467]) c()
the Dcm module shall check if the DID has a Write access configured (see configuration
parameter DcmDspDidWrite in DcmDspDidInfo). If not, the Dcm module shall send
NRC 0x31 (Request out of range). c()
the Dcm module shall check if the DID can be written in the current session (see config-
uration parameter DcmDspDidWriteSessionRef). If not, the Dcm module shall send
a NRC 0x31 (Request Out of Range). c()
the Dcm module shall check if the DID can be written in the current security level
(see configuration parameter DcmDspDidWriteSecurityLevelRef). If not, the Dcm
module shall send NRC 0x33 (Security access denied). c()
the Dcm module shall check if the DID can be written in the current mode condition (see
configuration parameter DcmDspDidWriteModeRuleRef). If not, the Dcm module
shall send the calculated negative response code of the referenced DcmModeRule. c
()
if all signals (DcmDspDidSignal) of the DID have fixed length (DcmDspDataType
is different than UINT8_DYN), the Dcm module shall check if the received data length
corresponds to the DID data length (addition of all DcmDspDataByteSize). c()
[SWS_Dcm_00395] d After all verifications (see [SWS_Dcm_00467],
[SWS_Dcm_00468], [SWS_Dcm_00469], [SWS_Dcm_00470], [SWS_Dcm_00473]

Manager
) the Dcm module shall write all the signals (DcmDspDidSignal) of

the DID by either calling the configured function DcmDspDataWriteFnc
(if parameter DcmDspDataUsePort is set to USE_DATA_SYNCH_FNC or
USE_DATA_ASYNCH_FNC or USE_DATA_ASYNCH_FNC_ERROR) or the asso-
ciated WriteData operations (if parameter DcmDspDataUsePort is set to
USE_DATA_ASYNCH_CLIENT_SERVER_ERROR) or the associated SenderReceiver in-
terfaces (if parameter DcmDspDataUsePort is set to USE_DATA_SENDER_RECEIVER
or to USE_DATA_SENDER_RECEIVER_AS_SERVICE) with the following parameter
values:
Data: the dataRecord form the request
DataLength: the number of bytes in the dataRecord (get from the configuration if the
data has fixed length (DcmDspDataType is different than UINT8_DYN) or from the
diagnostic request length if the data has dynamic length (DcmDspDataType is set to
UINT8_DYN)). c()
[SWS_Dcm_01433] d After all verifications (see [SWS_Dcm_00467],
[SWS_Dcm_00468], [SWS_Dcm_00469], [SWS_Dcm_00470],
[SWS_Dcm_00473] ) for DID’s with DcmDspDidUse-
Port is set to USE_ATOMIC_SENDER_RECEIVER_INTERFACE,
USE_ATOMIC_SENDER_RECEIVER_INTERFACE_AS_SERVICE or
USE_ATOMIC_NV_DATA_INTERFACE, the Dcm module shall write the data by
writing the associated sender-receiver or NvDataInterface DataServices_DID. c()
[SWS_Dcm_00541] d If the data is configured as a BlockId of the NvRam (parameter
DcmDspDataUsePort set to USE_BLOCK_ID), the Dcm shall :
1) Request NvM_SetBlockLockStatus(<DcmDspDataBlockIdRef>, FALSE), to tem-
porarily unlock the NvM Block (It might be locked by executing this procedure before).
2) Request NvM_WriteBlock(<DcmDspDataBlockIdRef >, <DataBuffer>) with
BlockId corresponding to the configuration parameter DcmDspDataBlockIdRef)
3) Poll for completion of write request, using NvM_GetErrorStatus()
4a) On success (NVM_REQ_OK), the Dcm shall issue
NvM_SetBlockLockStatus(<DcmDspDataBlockIdRef >, TRUE) (to lock the NvM
block against further updates from the application) and send a positive response
message.
4b) Otherwise (on any NvM failure) the Dcm module shall trigger a negative response
with NRC 0x72 (GeneralProgrammingFailure). c()
[SWS_Dcm_CONSTR_6039] Signals with variable datalength d Only the last signal
(DcmDspDidSignal) of a DID can have variable datalength (DcmDspDataType is set
to UINT8_DYN). c()
In other case the Dcm won’t be able to split the data from the request.

Manager
[SWS_Dcm_00639] d To serialize the request message of UDS Service Write-

DataByIdentifier request into the required AUTOSAR data types (signed- and un-
signed integer), the target endianness configured in DcmDspDataEndianness
shall be considered for DcmDspData elements having DcmDspDataUsePort set to
USE_DATA_SENDER_RECEIVER, USE_DATA_SENDER_RECEIVER_AS_SERVICE. In
case DcmDspDataEndianness is not present, the DcmDspDataDefaultEndian-
ness shall be used instead. c()
[SWS_Dcm_CONSTR_6018] d DcmDspData elements used in service 0x2E shall not
have DcmDspDataUsePorts set to USE_ECU_SIGNAL. c()
[SWS_Dcm_CONSTR_6073] Dependency for DcmDspDataWriteFnc d DcmDsp-
DataWriteFnc shall be only present if:
c()
7.5.2.14 Service 0x2F - InputOutputControlByIdentifier
[SWS_Dcm_00256] d The Dcm module shall implement the UDS Service InputOutput-
ControlByIdentifier (0x2F). c(SRS_Diag_04218)
When using Service 0x2F, the request of the tester contains a 2-byte DID.
The configuration of the Dcm contains a list of supported DID’s. For each DID, the Dcm
configuration specifies:
• The 2-bytes DID (see configuration parameter DcmDspDidIdentifier)
• For every data of the DID :
– The function Xxx_ReturnControlToECU() for this data (see configuration pa-
rameters DcmDspDataReturnControlToEcuFnc and DcmDspDataUse-
Port)
– The function Xxx_ResetToDefault() for this data (see configuration parame-
ters DcmDspDataResetToDefaultFnc and DcmDspDataUsePort)
– The function Xxx_FreezeCurrentState() for this DID (see configuration pa-
rameters DcmDspDataFreezeCurrentStateFnc and DcmDspDataUse-
Port)
– The function Xxx_ShortTermAdjustment() for this DID (see configura-
tion parameters DcmDspDataShortTermAdjustmentFnc and DcmDsp-
DataUsePort)

Manager
– The sizes of the control record used in the function

Xxx_ShortTermAdjustment() (see configuration parameter and DcmD-
spDataByteSize)
[SWS_Dcm_00579] d The Dcm shall support InputOutputControlParameter definitions
according to Table 7.29.c(SRS_Diag_04218)
Hex Description
00 returnControlToECU
01 resetToDefault
02 freezeCurrentState
03 shortTermAdjustment
Table 7.29: InputOutputControlParameter definitions
[SWS_Dcm_01554] d On reception of the UDS Service InputOutputControlByIdentifier

(0x2F), the Dcm shall check if the control access to the requested DID is authenticated
and control the IO only if:
• a DcmDspDidControlRole is configured for that DID and the verification according
• the active white list on that connection has for the requested DID one entry with
control access that matches that DID.
c(SRS_Diag_04218)
DcmDspAuthentication is configured. In case of a failed authentication the NRC
handling is according to [SWS_Dcm_01544] and [SWS_Dcm_01551] applies.
(0x2F), the Dcm module shall check if the DID is supported (see configuration param-
eter DcmDspDid) If not, the Dcm module shall send NRC 0x31 (Request out of range).
c(SRS_Diag_04218)
[SWS_Dcm_00564] d If a DID is set as unused (DcmDspDidUsed set to FALSE),
the Dcm shall consider the DID as not supported (according to [SWS_Dcm_00563]) c
(SRS_Diag_04218)
(0x2F), the Dcm module shall check if the DID has a Control access configured (see
configuration parameter DcmDspDidControl in DcmDspDidInfo). If not, the Dcm
module shall send NRC 0x31 (Request out of range). c(SRS_Diag_04218)
(0x2F), the Dcm module shall check if the DID can be control in the current session (see
configuration parameter DcmDspDidControlSessionRef). If not, the Dcm module
shall send a NRC 0x31 (Request Out of Range). c()
(0x2F), the Dcm module shall check if the DID can be control in the current security

Manager
level (see configuration parameter DcmDspDidControlSecurityLevelRef). If not,

the Dcm module shall send NRC 0x33 (Security access denied). c()
(0x2F), the Dcm module shall check if the DID can be control in the current mode
condition (see configuration parameter DcmDspDidControlModeRuleRef). If not,
the Dcm module shall send the calculated negative response code of the referenced
DcmModeRule. c()
[SWS_Dcm_00580] d On reception of a request for UDS Service InputOutput-
ControlByIdentifier (0x2F) , if all verifications have been successfully done (see
[SWS_Dcm_00563], [SWS_Dcm_00565], [SWS_Dcm_00566], [SWS_Dcm_00567] )
and if the data is configured as a "ECU signal" of the IoHwAb (parameter DcmD-
spDataUsePort), the Dcm shall call the Api IoHwAb_Dcm_<symbolic name of
ECU signal (parameter DcmDspDataEcuSignal)>() with InputOutputControlParam-
eter for the ’action’ parameter and in case of InputOutputControlParameter is set
to ’shortTermAdjustment’ the signal value for the "signal" parameter. In this case
the requirements [SWS_Dcm_00396], [SWS_Dcm_00397], [SWS_Dcm_00398] and
[SWS_Dcm_00399] doesn’t apply. c(SRS_Diag_04218)
[SWS_Dcm_00581] d In case of more than one supported I/O signal per
DataIdentifier and the configuration parameter DcmDspDidControlMask is set to
DCM_CONTROLMASK_INTERNAL, the Dcm shall internally consider the parameter con-
trolEnableMaskRecord and control only the included signals in the request message.
c(SRS_Diag_04218)
[SWS_Dcm_CONSTR_6051] d The configuration parameter DcmDspDidCon-
trolMaskSize shall be only present if DcmDspDidControlMask is equal to
DCM_CONTROLMASK_EXTERNAL or DCM_CONTROLMASK_INTERNAL. c()
[SWS_Dcm_01273] d If the configuration parameter DcmDspDidControlMask is set
to DCM_CONTROLMASK_EXTERNAL or DCM_CONTROLMASK_INTERNAL, or the ele-
ment used in service 0x2F is configured to have an atomic S/R interface, the Dcm
shall reject requests without included control enable mask record with the NRC 0x13
(incorrectMessageLengthOrInvalidFormat). c(SRS_Diag_04218)
[SWS_Dcm_01274] d If the configuration parameter DcmDspDidControlMask is set
to DCM_CONTROLMASK_NO, the Dcm shall reject request with included control en-
able mask record with the NRC 0x13 (incorrectMessageLengthOrInvalidFormat). c
(SRS_Diag_04218)
[SWS_Dcm_CONSTR_6084] Sender-receiver communication for IOControls is
limited to atomic S/R interfaces d If a DID has a configured DcmDspDidUsePort
= USE_DATA_ELEMENT_SPECIFIC_INTERFACES, the possible values of DcmDsp-
DataUsePort are limited to non S/R interfaces. c(SRS_Diag_04218)
[SWS_Dcm_CONSTR_6085] Atomic S/R for IOControls are limited to non-
NV interfaces d If a DID has a configured DcmDspDidControl, the pos-
sible values of DcmDspDidUsePort are limited to atomic S/R interface and
USE_DATA_ELEMENT_SPECIFIC_INTERFACES. c(SRS_Diag_04218)

Manager
[SWS_Dcm_CONSTR_6086] Signals for DIDs with Atomic S/R are not shared
with other DIDs d If a DcmDspDid is configured to have an atomic S/R interface, all
DcmDspDataElements referenced by this DID shall be referenced only from this DID.
c(SRS_Diag_04218)
[SWS_Dcm_CONSTR_6050] d If a DcmDspDid is used in service 0x2F and is con-
figured to have an atomic S/R interface, the DcmDspDidControlMask shall be set to
DCM_CONTROLMASK_EXTERNAL and the parameter DcmDspDidControlMaskSize
shall be present with a value greater than zero. c()
[SWS_Dcm_00680] Mapping of internal ControlEnableMaskRecord to DID data
elements d If DcmDspDidControlMask is set to DCM_CONTROLMASK_INTERNAL,the
ControlEnableMaskRecord shall be mapped to the DID data elements by applying the
following mapping :
• The most significant bit of the first byte of the ControlEnableMask shall corre-
spond to the first DID data element
• The second most significant bit of the first byte of the ControlEnableMask shall
correspond to the second DID data element and continuing on in this fashion
utilizing as many ControlEnableMask bytes as necessary to map all DID data
elements.
c(SRS_Diag_04218)
The controlEnableMaskRecord is only present, if the DataIdentifer supports more than
one signal.
The Dcm supports atomic S/R interfaces activated by the configuration DcmD-
spDidUsePort set to USE_ATOMIC_SENDER_RECEIVER_INTERFACE or
USE_ATOMIC_SENDER_RECEIVER_INTERFACE_AS_SERVICE. In the text and
requirements of this chapter the term ’atomic S/R interface’ for IO control means that
the IO controlled DID is configured to one of the two choices.
[SWS_Dcm_01434] IOControl General execution sequence d On reception of a re-
quest for UDS Service InputOutputControlByIdentifier (0x2F) the Dcm shall first exe-
cute the service verifications according to [SWS_Dcm_00563], [SWS_Dcm_00565],
[SWS_Dcm_00566], [SWS_Dcm_00567] and on successful passing the verifications
start the configured service processing. c(SRS_Diag_04218)
[SWS_Dcm_00396] d On reception of a request for UDS Service InputOut-
putControlByIdentifier (0x2F) with inputOutputControlParameter equal
to returnControlToEcu, the Dcm module shall invoke all impacted con-
figured function of the controlEnableMaskRecord (if parameter DcmDsp-
DataUsePort set to USE_DATA_SYNCH_FNC or USE_DATA_ASYNCH_FNC
or USE_DATA_ASYNCH_FNC_ERROR; see configuration parameter DcmDsp-
DataReturnControlToEcuFnc). Alternatively call all the associated Re-
turnControlToECU operations (if parameter DcmDspDataUsePort set to

Manager
or USE_DATA_ASYNCH_CLIENT_SERVER_ERROR) for every data of the DID received

in the request. c(SRS_Diag_04218)
[SWS_Dcm_00397] d On reception of a request for UDS Service InputOutputCon-
trolByIdentifier (0x2F) with inputOutputControlParameter equal to resetToDe-
fault, the Dcm module shall invoke all impacted configured function of the controlEn-
ableMaskRecord (if parameter DcmDspDataUsePort set to USE_DATA_SYNCH_FNC
or USE_DATA_ASYNCH_FNC or USE_DATA_ASYNCH_FNC_ERROR; see configura-
tion parameter DcmDspDataResetToDefaultFnc). Alternatively call all the as-
sociated ResetToDefault operations (if parameter DcmDspDataUsePort set to
USE_DATA_ASYNCH_CLIENT_SERVER_ERROR) for every data of the DID received in
the request. c(SRS_Diag_04218)
to freezeCurrentState, the Dcm module shall invoke all impacted con-
DataUsePort set to USE_DATA_SYNCH_FNC or USE_DATA_ASYNCH_FNC
or USE_DATA_ASYNCH_FNC_ERROR; see configuration parameter DcmD-
spDataFreezeCurrentStateFnc). Alternatively call all the associated
FreezeCurrentState operations (if parameter DcmDspDataUsePort set to
or USE_DATA_ASYNCH_CLIENT_SERVER_ERROR) for every data of the DID received
in the request. c(SRS_Diag_04218)
to shortTermAdjustment, the Dcm module shall invoke all impacted con-
DataUsePort set to USE_DATA_SYNCH_FNC or USE_DATA_ASYNCH_FNC or
USE_DATA_ASYNCH_FNC_ERROR; see configuration parameter DcmDspDataShort-
TermAdjustmentFnc). Alternatively call all the associated ShortTermAdjustment
operations (if parameter DcmDspDataUsePort set to USE_DATA_SYNCH_CLIENT_
SERVER or USE_DATA_ASYNCH_CLIENT_SERVER or USE_DATA_ASYNCH_
CLIENT_SERVER_ERROR) for every data of the DID received in the request. c
(SRS_Diag_04218)
[SWS_Dcm_00858] Cancel active IO controls on session change d On any session
transition, the Dcm shall stop all active IO controls according to [SWS_Dcm_01435]
which are not supported by the new session. c(SRS_Diag_04119)
[SWS_Dcm_00628] Cancel active IO controls in default sessions d On a session
transition to default session, the Dcm shall stop all active IO controls according to
[SWS_Dcm_01435]. c(SRS_Diag_04119)
[SWS_Dcm_00859] Cancel active IO controls on security level change d On
any security level change, the Dcm shall stop all active IO controls according to

Manager
[SWS_Dcm_01435] which are not support by the new security level anymore. c
(SRS_Diag_04119)
[SWS_Dcm_01435] Dcm cancel IO control sequence d If the Dcm needs to
cancel an active IO control due to [SWS_Dcm_00858], [SWS_Dcm_00628] or
[SWS_Dcm_00859], the Dcm shall do the following:
• For controlled data elements with DcmDspDataUsePort set to
USE_ECU_SIGNAL: call to IoHwAb_Dcm_<symbolic ECU signal name>()
with ’action’ parameter set to ReturnControlToECU.
• For controlled data elements with DcmDspDataUse-
Port set to USE_DATA_ASYNCH_CLIENT_SERVER or
USE_DATA_SYNCH_CLIENT_SERVER or USE_DATA_ASYNCH_CLIENT_SERVER_ERROR:
call the C/S interface operation ReturnControlToECU.
• For controlled data elements with DcmDspDataUsePort set
to USE_DATA_SYNCH_FNC or USE_DATA_ASYNCH_FNC or
USE_DATA_ASYNCH_FNC_ERROR: call the configured function
Xxx_ReturnControlToECU (see parameter DcmDspDataReturnControlToE-
cuFnc)
• For controlled DIDs with is configured atomic S/R interfaces: update the data
element IOOperationRequest with inputOutputControlParameter = 0x00, the
controlEnableMask = 0xFFFFFFFF1 and data element underControl = 0x00.
c(SRS_Diag_04119)
[SWS_Dcm_00640] d To serialize the required AUTOSAR data types (signed- and
unsigned integer) from the request message (in case of inputOutputControl-
Parameter is set to ’shortTermAdjustment’) / into the response message of UDS
Service InputOutputControlByIdentifier responses, the target endianness configured
in DcmDspDataEndianness shall be considered for DcmDspData elements hav-
ing DcmDspDataUsePort set to USE_ECU_SIGNAL. In case DcmDspDataEndian-
ness is not present, the DcmDspDataDefaultEndianness shall be used instead. c
(SRS_Diag_04218)
[SWS_Dcm_00682] d The controlState in the ControlStatusRecord for positive re-
sponse message of IoControl service shall be retrieved using the associated Read-
Data operation/function/SenderReceiver after application processing on the IO control
request is positively finalized. c(SRS_Diag_04218)
Beside the Client/Server interface, the Dcm provides the SenderReceiver interface IO-
ControlRequest_{DID}. The underControl data element of this interface is cal-
culated by the Dcm with one state bit for each data element identical to the CEMR.
Applications can directly derive the active control enable status without the need to
maintain internal states.
1
The size of the mask depends on the parameter DcmDspDidControlMaskSize

Manager
The bit-mask underControl contains the accumulated status about which data ele-
ments of this particular I/O is currently under diagnostic control. The normal operation
state could be derived if the value of underControl is set to 0x00 (which is the ini-
tial value). Each set bit indicates a data element which is under diagnostic control via
FreezeCurrentState, ’ResetToDefault’ or ’ShortTermAdjustment’.
[SWS_Dcm_01436] Calculation of the underControl data element d The Dcm shall
calculate the underControl data element of the S/R interface IOControlRe-
quest_{DID}. The underControl is a bitfield of the same size than the CEMR of the
controlled DID. Each bit represents the same data element as in the CEMR. A value of
0 indicates, that the corresponding data element is currently not controlled by the Dcm,
a value of 1 indicates that it is controlled. The initial value is 0, each control request
for a data element with inputOutputControlParameter equal to ResetToDe-
fault, FreezeCurrentState or ShortTermAdjustment will set the correspond-
ing bit value to 1, and each control request with inputOutputControlParameter
set to ReturnControlToECU will set the bit value to 0. c(SRS_Diag_04218)
With each I/O Control request a command IOOperationRequest is provided to the
application to update the input or the respective output. IOOperationRequest con-
tains the inputOutputControlParameter, the controlEnableMask and in case
of ShortTermAdjustment the controlState.
To identify that previous operation has finished (e.g Write IOControlRequest_DID), the
user can use the update flag mechanism from the RTE.
The application needs to update their output values and finalizes the request with the
response message IOOperationResponse to the Dcm. The possible values are:
• 0x00 positive response (similar to E_OK)
• 0x10 generalReject
• 0x21 busyRepeatRequest
• 0x22 conditionsNotCorrect
• 0x26 FailurePreventsExecutionOfRequestedAction
• 0x31 requestOutOfRange
• 0x78 ResponsePending (similar to E_PENDING)
• 0xFF Idle - no request present
Based on this respoinse message the Dcm will:
1. wait for final processing (0x78)
2. send a positive response message (0x00)
3. send a negative response message (all other values, except 0xFF)

Manager
Figure 7.11: IO-Control with Sender/Receiver interfaces
[SWS_Dcm_01437] inputOutputControlParameter idle state d The in-

putOutputControlParameter of data element of IOOperationRequest from
S/R interface IOControlRequest_{DID} shall have an initial value of 0xFF. This
value indicates the application, that the Dcm is currently not processing an UDS service
to control this DID. c(SRS_Diag_04218)
[SWS_Dcm_01438] inputOutputControlParameter after processing an UDS
InputOutputControlByIdentifier (0x2F) service d If the Dcm is processing an In-
putOutputControlByIdentifier request with inputOutputControlParameter equal
to ResetToDefault, FreezeCurrentState or ShortTermAdjustment, the Dcm
shall set the inputOutputControlParameter of data element of IOOpera-
tionRequest from S/R interface IOControlRequest_{DID} to the idle state 0xFF
after the application has set the IOControlResponse_{DID}.IOOperationRe-
sponse to 0x00 and before processing other InputOutputControlByIdentifier requests.
c(SRS_Diag_04218)
Upon the Dcm writes IOOperationRequest of IOControlRequest_{DID} the
SWC processes the IO control request. The SWC informs the Dcm about the cur-
rent processing state by updating IOControlResponse_{DID}.IOOperationRe-
sponse.
[SWS_Dcm_01439] Positive response based on IOOperationResponse d If the
Dcm is processing an InputOutputControlByIdentifier request, it shall reply with a
positive response, if the applications set IOControlResponse_{DID}.IOOpera-
tionResponse to 0x00. c(SRS_Diag_04218)
[SWS_Dcm_01440] Negative response based on IOOperationResponse d If
the Dcm is processing an InputOutputControlByIdentifier request, it shall reply with
a negative response with the NRC IOControlResponse_{DID}.IOOperationRe-
sponse, if the applications set IOControlResponse_{DID}.IOOperationRe-
sponse a value different to 0x00 and 0x78. c(SRS_Diag_04218)
[SWS_Dcm_01441] RCRRP based on IOOperationResponse d If the Dcm
is processing an InputOutputControlByIdentifier request and the IOControlRe-
sponse_{DID}.IOOperationResponse has a value of 0x78, the Dcm shall wait until

Manager
the IOControlResponse_{DID}.IOOperationResponse gets a value different to

0x78 and send RCRRP according to [SWS_Dcm_00024]. c(SRS_Diag_04218)
[SWS_Dcm_01275] Common action for all inputOutputControlParameter op-
erations with atomic S/R d If the Dcm is processing an InputOutputControlByIdentifier
request for a DID configured atomic S/R interface, the Dcm module shall update in the
IOControlRequest_{DID} the data element IOOperationRequest with
1. controlEnableMask = controlEnableMaskRecord of the request message
2. inputOutputControlParameter = inputOutputControlParameter from the re-
quest message
c(SRS_Diag_04218)
The value 0xFF of the inputOutputControlParameter of the command IOOper-
ationRequest is the ’idle’ state. The values 0x00 (ReturnControlToECU), 0x01
(ResetToDefault), 0x02 (FreezeCurrentState) or 0x03 (ShortTermAdjust-
ment) start the request processing and include the control option inputOutputCon-
trolParameter, controlEnableMask and controlState (for ShortTermAd-
justment only).
[SWS_Dcm_01277] Additional action for InputOutputControl operations for
ShortTermAdjustment with atomic S/R d If the Dcm is processing an InputOutput-
ControlByIdentifier request with inputOutputControlParameter equal to Short-
TermAdjustment for a DID with configured atomic S/R interface, in addition to
[SWS_Dcm_01275] the Dcm module shall update in the IOControlRequest_{DID}
the data element controlState with content of the controlState from the request
message. c(SRS_Diag_04218)
Note: The controlState is a separate data elment that it can be optionally pro-
cessed by a data transformer to transform the byte stream into a composite type (see
Figure 7.11: IO-Control with Sender/Receiver interfaces).
An example of the Dcm S/R interaction is given in Figure 7.12 and Figure 7.13. For
ReturnControlToECU the data from the request is provided to the application, the
Dcm will continue to finalize the request after writing the data into the S/R ports. All
other sub-functions will wait for the application providing the response 0x00 or an code.

Manager
Figure 7.12: Sequence diagram for returnControlToECU
Figure 7.13: Sequence diagram for resetToDefault, frezeCurentState and shortTermAd-

justement

Manager
[SWS_Dcm_CONSTR_6048] Composite sub elements accessible only by read d

Composite sub elements can only be referred from Read DID i.e. Write and Control
DID are not supported. c()
[SWS_Dcm_CONSTR_6030] d The ReturnControlToEcu functionnality is exist-
ing if at least one of the following parameters are activated : DcmDspDid-
FreezeCurrentState in ECUC_Dcm_00624 : or DcmDspDidResetToDefault in
ECUC_Dcm_00623 : or DcmDspDidShortTermAdjustment in ECUC_Dcm_00625
: . c()
[SWS_Dcm_CONSTR_6059] Dependency for DcmDspDataFreezeCur-
rentStateFnc d DcmDspDataFreezeCurrentStateFnc shall be only present
if:
c()
[SWS_Dcm_CONSTR_6063] Dependency for DcmDspDataResetToDefaultFnc
d DcmDspDataResetToDefaultFnc shall be only present if:
c()
[SWS_Dcm_CONSTR_6064] Dependency for DcmDspDidControlMaskSize d
DcmDspDidControlMaskSize shall be only present if DcmDspDidControlMask is
equal to DCM_CONTROLMASK_EXTERNAL or DCM_CONTROLMASK_INTERNAL. c()
[SWS_Dcm_CONSTR_6081] Dependency for DcmDspDidControlMaskBitPosi-
tion d The value configured for DcmDspDidControlMaskBitPosition shall be
lower than DcmDspDidControlMaskSize * 8. c()
[SWS_Dcm_CONSTR_6065] Dependency for DcmDspDataReturnControlToE-
cuFnc d DcmDspDataReturnControlToEcuFnc shall be only present if:
c()
[SWS_Dcm_CONSTR_6066] Dependency for DcmDspDataShortTermAdjust-
mentFnc d DcmDspDataShortTermAdjustmentFnc shall be only present if:

Manager

c()
[SWS_Dcm_CONSTR_6082] Dependency for DcmDspDidControlMask-
Size d DcmDspDidControlMaskSize larger than 4 shall be only allowed
if DcmDspDataUsePort is set to USE_DATA_ASYNCH_CLIENT_SERVER,
USE_DATA_ASYNCH_CLIENT_SERVER_ERROR or USE_DATA_SYNCH_CLIENT_SERVER.
Note: ControlEnableMask larger than 32 bits is a very rare use case. Therefore the
Dcm supports only C/S interfaces to solve this use case. c()
7.5.2.15 Service 0x31 - RoutineControl
[SWS_Dcm_00257] d The Dcm module shall implement the UDS Service RoutineCon-
trol (0x31) for subFunctions startRoutine, stopRoutine and requestsRoutineResults. c
()
A tester can use UDS Service 0x31 to start, stop or obtain the results of a routine
identified by a 2-byte routineIdentifier. The Dcm module configuration contains a list
of the routineIdentifiers (see configuration parameter DcmDspRoutineIdentifier)
supported by the DCM. For each routineIdentifier, the Dcm configuration specifies:
• The function Xxx_Start() associated with this routineIdentifier (see configuration
parameters DcmDspStartRoutineFnc and DcmDspRoutineUsePort)
• List of signal available in the request and in the response (see configuration pa-
rameters DcmDspStartRoutineIn and DcmDspStartRoutineOut)
• The function Xxx_Stop() associated with this routineIdentifier (see configuration
parameters DcmDspStopRoutineFnc and DcmDspRoutineUsePort)
• List of signal available in the request and in the response (see configuration pa-
rameters DcmDspStopRoutineIn and DcmDspStopRoutineOut)
• The function Xxx_RequestResults() associated with this routineIdentifier (see
configuration parameters DcmDspRequestRoutineResultsFnc and DcmD-
spRoutineUsePort)
• List of signal available in the request and in the response (see configuration
parameters DcmDspRequestRoutineResultsIn and DcmDspRequestRou-
tineResultsOut)
[SWS_Dcm_01442] d If DcmDspRoutineUsePort is set to true, the Dcm shall
use the C/S interfaces RoutineServices_{RoutineName} [SWS_Dcm_00690].c
(SRS_Diag_04224)

Manager
[SWS_Dcm_01443] d If DcmDspRoutineUsePort is set to false, the Dcm shall use

the configured callout functions for routine operations.c(SRS_Diag_04224)
[SWS_Dcm_00568] d On reception of the UDS Service RoutineControl (0x31), the Dcm
module shall check if the Routine is supported (see configuration parameter DcmD-
spRoutine) If not, the Dcm module shall send NRC 0x31 (Request out of range). c
()
[SWS_Dcm_00569] d If a Routine is set as unused (DcmDspRoutineUsed set
to FALSE), the Dcm shall consider the Routine as not supported (according to
[SWS_Dcm_00568]) c()
[SWS_Dcm_01555] d On reception of the UDS Service RoutineControl (0x31) with
sub-function startRoutine, the Dcm shall check if the access to the requested routine
identifier is authenticated and process the routine only if:
• a DcmDspStartRoutineRole is configured for that routine and the verification ac-
cording to [SWS_Dcm_01522] was successful or
• the active white list on that connection has one RID entry with sub-function ac-
cess set to startRoutine that matches that service and sub-function.
c()
sub-function stopRoutine, the Dcm shall check if the access to the requested routine
identifier is authenticated and process the routine only if:
• a DcmDspStopRoutineRole is configured for that routine and the verification ac-
cording to [SWS_Dcm_01522] was successful or
cess set to stopRoutine that matches that service and sub-function.
c()
sub-function requestRoutineResult, the Dcm shall check if the access to the requested
routine identifier is authenticated and process the routine only if:
• a DcmDspRequestRoutineResultsRole is configured for that routine and the ver-
ification according to [SWS_Dcm_01522] was successful or
cess set to requestRoutineResults that matches that service and sub-function.
c()
DcmDspAuthentication is configured. In case of a failed authentication the NRC
handling is according to [SWS_Dcm_01544] and [SWS_Dcm_01551] applies.

Manager

module shall check if the Routine can be executed in the current session (see con-
figuration parameters DcmDspStartRoutineCommonAuthorizationRef, DcmD-
spStopRoutineCommonAuthorizationRef and DcmDspRequestRoutineRe-
sultsCommonAuthorizationRef). If not, the Dcm module shall send a NRC 0x31
(Request Out of Range). c()
[SWS_Dcm_00571] d On reception of the UDS Service RoutineControl (0x31), the
Dcm module shall check if the Routine can be executed in the current secu-
rity level (see configuration parameter DcmDspStartRoutineCommonAuthoriza-
tionRef, DcmDspStopRoutineCommonAuthorizationRef and DcmDspReque-
stRoutineResultsCommonAuthorizationRef). If not, the Dcm module shall send
NRC 0x33 (Security access denied). c()
[SWS_Dcm_00869] d On reception of the UDS Service RoutineControl (0x31), the
Dcm module shall check if the SubFunction to the corresponding Routine is supported
(see existence of configuration container DcmDspStopRoutine for SubFunction 0x02;
DcmDspRequestRoutineResults for SubFunction 0x03). If not, the Dcm module
shall send NRC 0x12 (SubFunction not supported). c()
SubFunction startRoutine, the Dcm module shall check if the Routine can be exe-
cuted in the current mode condition (see configuration parameter DcmDspStartRou-
tineCommonAuthorizationRef). If not, the Dcm module shall send the calculated
negative response code of the referenced DcmModeRule. c()
SubFunction stopRoutine, the Dcm module shall check if the Routine can be executed in
the current mode condition (see configuration parameter DcmDspStopRoutineCom-
monAuthorizationRef). If not, the Dcm module shall send the calculated negative
response code of the referenced DcmModeRule. c()
SubFunction requestRoutineResults, the Dcm module shall check if the Routine can
be executed in the current mode condition (see configuration parameter DcmDspRe-
questRoutineResultsCommonAuthorizationRef). If not, the Dcm module shall
send the calculated negative response code of the referenced DcmModeRule. c()
Routines have different input and output parameters depending on the routine con-
figuration (e.g. DcmDspStartRoutineIn for input parameter for the routine start
service). The signature of the called routine operations Xxx_Start, Xxx_Stop and
Xxx_RequestResults is depending on this configuration. The defined parameters for
input and output routine data are optional, and marked in brackets ’[]’ in the definition
in [SWS_Dcm_01203], [SWS_Dcm_01204] and [SWS_Dcm_91013].

Manager
[SWS_Dcm_01360] d For each configured routine input signal in DcmDspStartRou-

tineInSignal, DcmDspStopRoutineInSignal or DcmDspRequestRoutineRe-
sultsInSignal with a signal type unequal to VARIABLE_LENGTH, the optional pa-
rameter ’DcmDspRoutineSignalType dataIn_n’ shall be provided in the corresponding
operations in [SWS_Dcm_01203], [SWS_Dcm_01204] or [SWS_Dcm_91013]. c()
[SWS_Dcm_01361] d For a configured routine input signal in DcmDspStartRou-
tineInSignal, DcmDspStopRoutineInSignal or DcmDspRequestRoutineRe-
sultsInSignal with a signal type equal to VARIABLE_LENGTH the optional pa-
rameter const ’uint8 * dataInVar’ shall be provided in the corresponding operations in
[SWS_Dcm_01203] [SWS_Dcm_01204] or [SWS_Dcm_91013]. c()
[SWS_Dcm_01362] d For each configured routine output signal in DcmDsp-
StartRoutineOutSignal, DcmDspStopRoutineOutSignal or DcmDspReque-
stRoutineResultsOutSignal with a signal type unequal to VARIABLE_LENGTH
the optional parameter ’DcmDspRoutineSignalType dataOut_n’ shall be provided
in the corresponding operations in [SWS_Dcm_01203], [SWS_Dcm_01204] or
[SWS_Dcm_91013]. c()
[SWS_Dcm_01363] d For a configured routine output signal in DcmDspStartRouti-
neOutSignal, DcmDspStopRoutineOutSignal or DcmDspRequestRoutineRe-
sultsOutSignal with a signal type equal to VARIABLE_LENGTH the optional pa-
rameter const ’uint8 * dataOutVar’ shall be provided in the corresponding operations in
[SWS_Dcm_01203], [SWS_Dcm_01204] or [SWS_Dcm_91013]. c()
[SWS_Dcm_01364] d The optional in/out parameter currentDataLength in
[SWS_Dcm_01203], [SWS_Dcm_01204] or [SWS_Dcm_91013] is always present if
at least one of the routine input signal data or routine output signal data have a signal
with routine type ’VARIABLE_LENGTH’. c()
Note: The ’currentDataLength’ parameter as in/out parameter contains the data length
in bytes of the ’dataInVar’ while calling the operation and it returns the length in bytes
of the ’dataOutVar’. As ’dataInVar’ and ’dataOutVar’ are optional, ’currentDataLength’
is only present if at least one of this optional parameter is used.
[SWS_Dcm_00590] d When receiving a request for UDS Service RoutineControl
(0x31) if all verifications have been successfully done (see [SWS_Dcm_00568],
[SWS_Dcm_00570], [SWS_Dcm_00571]), the Dcm module shall split the routineCon-
trolOptionRecord received according of the list of input signal configured for this routine
( see configuration parameters DcmDspStartRoutineIn, DcmDspStopRoutineIn,
DcmDspRequestRoutineResultsIn) c()
[SWS_Dcm_00400] d When receiving a request for UDS Service RoutineControl (0x31)
with subfunction startRoutine, if all verifications have been successfully done (see
[SWS_Dcm_00568], [SWS_Dcm_00570], [SWS_Dcm_00571]), the Dcm module shall
call the configured Xxx_Start() function passing the dataIn, calculated from routineCon-
trolOptionRecord (see [SWS_Dcm_00590]), and the dataOut reference according of
the list of output signal configured for this routine ( see configuration parameter DcmD-
spStartRoutineOut). c()

Manager
[SWS_Dcm_00401] d Upon completing [SWS_Dcm_00400], when Xxx_Start() returns

E_OK, the Dcm module shall reply with a positive response with the data returned by
Xxx_Start() in the dataOut as routineStatusRecord (dataOut are merged according
to the list of output signal configured for this routine ( see configuration parameter
DcmDspStartRoutineOut)). c()
with subfunction stopRoutine, if all verifications have been successfully done (see
[SWS_Dcm_00568], [SWS_Dcm_00570], [SWS_Dcm_00571]), the Dcm module shall
call the configured Xxx_Stop() function passing the dataIn, calculated from routineCon-
trolOptionRecord (see [SWS_Dcm_00590]), and the dataOut reference according of
the list of output signal configured for this routine ( see configuration parameter DcmD-
spStopRoutineOut). c()
[SWS_Dcm_00403] d Upon completing [SWS_Dcm_00402], when Xxx_Stop() returns
E_OK, the Dcm module shall reply with a positive response with the data returned
by Xxx_Stop()in the dataOut as routineStatusRecord (dataOut are merged according
to the list of output signal configured for this routine ( see configuration parameter
DcmDspStopRoutineOut)). c()
with subfunction requestRoutineResults, if all verifications have been successfully done
(see [SWS_Dcm_00568], [SWS_Dcm_00570], [SWS_Dcm_00571]), the Dcm module
shall call the configured Xxx_RequestResults() function passing the dataIn, calculated
from routineControlOptionRecord (see [SWS_Dcm_00590])and provide the dataOut
reference according of the list of output signal configured for this routine ( see configu-
ration parameter DcmDspRequestRoutineResultsOut). c()
[SWS_Dcm_00405] d Upon completing [SWS_Dcm_00404], when
Xxx_RequestResults() returns E_OK, the Dcm module shall reply with a positive
response with the data returned by Xxx_RequestResults()in the dataOut as routineS-
tatusRecord (dataOut are merged according to the list of output signal configured for
this routine ( see configuration parameter DcmDspRequestRoutineResultsOut)).
c()
[SWS_Dcm_00641] d To serialize the required AUTOSAR data types (signed- and un-
signed integer) from the request message / into the response message of UDS Service
RoutineControl, the target endianness configured in DcmDspRoutineSignalEndi-
anness shall be considered for DcmDspRoutine signals having set to fixed length
(DcmDspRoutineSignalType set to other value than VARIABLE_LENGTH). c()
[SWS_Dcm_CONSTR_6072] Dependency for DcmDspRoutineSignalEndian-
ness d In case DcmDspRoutineSignalEndianness is not present, the DcmDsp-
DataDefaultEndianness shall be used instead. c()
[SWS_Dcm_01139] d The Dcm shall follow the NRC handling for RoutineControlService
according to ISO 14229-1 [1]. c()
module shall check the overall length of the request. If length of the request is wrong,

Manager
the Dcm module shall send NRC 0x13 (Incorrect message length or invalid format) to
the tester. c()
[SWS_Dcm_01141] d The Dcm shall call the appropriate routine functions of the
SWC after having performed the total length check and the Mode rules, security level
and session checks (DcmDspStartRoutineCommonAuthorizationRef, DcmD-
spStopRoutineCommonAuthorizationRef and DcmDspRequestRoutineRe-
sultsCommonAuthorizationRef). c()
Note: Subsequent checks have to be performed by the SWC.
[SWS_Dcm_01194] d On reception of the UDS Service RoutineControl (0x31), for ev-
ery requested RID inside the OBD range (E000-E0FF), the Dcm shall implicitly allow
sub-function StartRoutine. c()
[SWS_Dcm_00701] d On reception of the UDS Service RoutineControl (0x31), for
every requested RID inside the OBD range (E000-E0FF) and usage of UDS inter-
face, the Dcm module shall use the routineInfo byte value from the configuration (see
ECUC_Dcm_01063) in the response to the tester. c()
[SWS_Dcm_01330] d If DcmDspEnableObdMirror is set to true, an explicitly config-
ured RID inside the OBD range (E000-E0FF) shall use the UDS interface. c()
[SWS_Dcm_01331] d If DcmDspEnableObdMirror is set to false, all requests within
the OBD RID range shall use the UDS interface. c()
[SWS_Dcm_01332] d On reception of the UDS Service RoutineControl (0x31), for ev-
ery requested RID inside the OBD range (E000-E0FF), the Dcm module shall handle
the RID as defined for OBD Service $08 (see [SWS_Dcm_00418], [SWS_Dcm_00947],
[SWS_Dcm_00419], [SWS_Dcm_00420], [SWS_Dcm_00948], [SWS_Dcm_01192]) if
DcmDspEnableObdMirror is set to true and RID not explicitly configured. c()
[SWS_Dcm_01333] d On reception of the UDS Service RoutineControl (0x31), for
every requested RID inside the OBD range (E000-E0FF) and usage of OBD in-
terface, the Dcm shall use the routineInfo byte value from the configuration (see
ECUC_Dcm_01078) in the response to the tester. c()
If DcmDspEnableObdMirror is set to FALSE or the RID is explicitly configured inside
the OBD TestId range (E000-E0FF), the access to the OBD data shall be given in the
following way:
[SWS_Dcm_01390] d On reception of an UDS Service RoutineControl (0x31) request
with one or more ”availability OBDTestIds” as parameter, the Dcm module shall respond
with the corresponding supported (=configured) RIDs. c()
”availability OBDTestIds” together with other OBDTestIds as parameter, the Dcm mod-
ule shall ignore the request. c()
with a OBDTestIds that is not an ”availability OBDTestIds”, the Dcm module shall invoke
the configured Xxx_Start() function. c()

Manager
[SWS_Dcm_01393] d As specified in [3, SAE J1979], unused data bytes shall be filled
with $00. c()
[SWS_Dcm_01394] d If Xxx_Start() doesn’t return E_OK, the Dcm shall return NRC
0x22. c()
[SWS_Dcm_00668] d If the operation Start() returns value E_NOT_OK, the Dcm mod-
ule shall send a negative response with NRC code equal to ErrorCode parameter value.
c()
[SWS_Dcm_00669] d If the operation Start() returns value DCM_E_FORCE_RCRRP,
the Dcm module shall start the transmission of NRC 0x78. c()
[SWS_Dcm_00670] d If the operation Stop() returns value E_NOT_OK, the Dcm mod-
ule shall send a negative response with NRC code equal to ErrorCode parameter value.
c()
[SWS_Dcm_00671] d If the operation Stop() returns value DCM_E_FORCE_RCRRP,
the Dcm module shall start the transmission of NRC 0x78. c()
[SWS_Dcm_00672] d If the operation RequestResults() returns value E_NOT_OK, the
Dcm module shall send a negative response with NRC code equal to ErrorCode param-
eter value. c()
[SWS_Dcm_00673] d If the operation RequestResults () returns value
DCM_E_FORCE_RCRRP, the Dcm module shall start the transmission of NRC
0x78. c()
[SWS_Dcm_CONSTR_6071] Dependency for DcmDspStartRoutineFnc, DcmD-
spStopRoutineFnc, DcmDspRequestRoutineResultsFnc, DcmDspStartRou-
tineConfirmationFnc, DcmDspStopRoutineConfirmationFnc d The following
configuration parameters shall only be present if DcmDspRoutineUsePort is set to
FALSE.
• DcmDspStartRoutineFnc
• DcmDspStopRoutineFnc
• DcmDspRequestRoutineResultsFnc
• DcmDspStartRoutineConfirmationFnc
• DcmDspStopRoutineConfirmationFnc
c()
7.5.2.16 Service 0x3E - Tester Present
[SWS_Dcm_00251] d The Dcm module shall implement the Tester Present (service
0x3E, diagnostic communication and security) of the Unified Diagnostic Services for
the subfunction values 0x00 and 0x80. c()

Manager
[SWS_Dcm_01558] d The Dcm shall process the UDS service 0x3E (TesterPresent)
independently from the current authentication state. c()
This service is used to keep one or multiple servers in a diagnostic session being
different than the defaultSession.
7.5.2.17 Service 0x3D - WriteMemoryByAddress
[SWS_Dcm_00488] d The Dcm module shall implement the WriteMemoryByAddress

(service 0x3D) of the Unified Diagnostic Services. c()
This service is used to write data using a physical memory address.
[SWS_Dcm_00855] d On reception of the UDS Service WriteMemoryByAddress
(0x3D), the Dcm shall check if the requested AddressAndLengthFormatIdenti-
fier is supported (refer to configuration parameter DcmDspSupportedAddressAn-
dLengthFormatIdentifier), Otherwise the NRC 0x31 (requestOutOfRange) shall
be responded. In case the container AddressAndLengthFormatIdentifier is
not present, the Dcm shall accept all possible AddressAndLengthFormatIdentifiers. c()
(0x3D), the Dcm shall check if the complete memory range to write to (from ’mem-
oryAddress’ parameter to ’memoryAddress + memorySize -1’) is inside the allowed
memory ranges (check of DcmDspWriteMemoryRangeLow and DcmDspWriteMem-
oryRangeHigh parameters for each DcmDspWriteMemoryRangeInfo container
or DcmDspWriteMemoryRangeByLabelLow and DcmDspWriteMemoryRangeBy-
LabelHigh parameters for each DcmDspWriteMemoryRangeByLabelInfo con-
tainer). If not, the Dcm module shall send NRC 0x31 (Request out of range). c()
(0x3D), the Dcm shall check if the complete memory range (from ’memoryAddress’
parameter to ’memoryAddress + memorySize -1’) can be written in the current secu-
rity level (see DcmDspWriteMemoryRangeSecurityLevelRef). If security level is not
correct, the Dcm module shall send NRC 0x33 (securityAccessDenied). c()
parameter to ’memoryAddress + memorySize -1’) can be written in the current mode
condition (see DcmDspWriteMemoryRangeModeRuleRef). If mode condition is not
correct, the Dcm module shall send the calculated negative response code of the refer-
enced dcmModeRule. c()
(0x3D), and after verification of the validity of the request (see [SWS_Dcm_00489]
and [SWS_Dcm_00490]) the Dcm module shall call the callout Dcm_WriteMemory. c
()

Manager

(0x3D), if the request message contains different MemoryIdValue compare to the con-
figured values in DcmDspMemoryIdInfo container, the Dcm shall send a NRC 0x31
[SWS_Dcm_01056] d The configured ranges of memory address (DcmDspRead-
MemoryRangeHigh and DcmDspReadMemoryRangeLow or DcmDspReadMemo-
ryRangeByLabelHigh and DcmDspReadMemoryRangeByLabelLow) shall not
overlap each other. c()
parameter to ’memoryAddress + memorySize -1’) can be written in the current session
(see DcmDspWriteMemoryRangeSessionLevelRef). If the session is not correct, the
Dcm module shall send NRC 0x31 (RequestOutOfRange). c()
[SWS_Dcm_00643] d If the operation Dcm_WriteMemory returns
DCM_WRITE_FAILED, the Dcm module shall send a negative response with
NRC code equal to the parameter ErrorCode parameter value. c()
[SWS_Dcm_00837] d If the call to Dcm_WriteMemory returns
DCM_WRITE_FORCE_RCRRP, the Dcm shall invoke the transmit request for
RCR-RP (NRC 0x78 transmission) and the Dcm shall not realize further invocation of
the operation till RCR-RP is transmitted. c()
text), Dcm_WriteMemory again with OpStatus = DCM_FORCE_RCRRP_OK. c()
7.5.2.18 Service 0x23 - ReadMemoryByAddress
This service is used to read data using a physical memory address.

[SWS_Dcm_00492] d The Dcm module shall implement the ReadMemoryByAddress
(service 0x23) of the Unified Diagnostic Services. c()
[SWS_Dcm_00853] d On reception of the UDS Service ReadMemoryByAddress
(0x23), the Dcm shall check if the requested AddressAndLengthFormatIdenti-
fier is supported (refer to configuration parameter DcmDspSupportedAddressAn-
dLengthFormatIdentifier), Otherwise the NRC 0x31 (requestOutOfRange) shall
be responded. In case the container DcmDspAddressAndLengthFormatIdenti-
fier is not present, the Dcm shall accept all possible AddressAndLengthFormatIden-
tifiers. ). c()
(0x23), the Dcm shall check if the complete memory range to read from (from
’memoryAddress’ parameter to ’memoryAddress + memorySize -1’) is inside the al-
lowed memory ranges (check of DcmDspReadMemoryRangeLow and DcmDspRead-
MemoryRangeHigh parameters for each DcmDspReadMemoryRangeInfo container

Manager
or DcmDspReadMemoryRangeByLabelLow and DcmDspReadMemoryRangeByLa-

belHigh parameters for each DcmDspReadMemoryRangeByLabelInfo container).
If not, the Dcm module shall send NRC 0x31 (Request out of range). c()
(0x23), the Dcm shall check if the complete memory range (from ’memoryAddress’
parameter to ’memoryAddress + memorySize -1’) can be readen in the current secu-
rity level (see DcmDspReadMemoryRangeSecurityLevelRef). If security level is not
correct, the Dcm module shall send NRC 0x33 (securityAccessDenied). c()
parameter to ’memoryAddress + memorySize -1’) can be readen in the current mode
condition (see DcmDspReadMemoryRangeModeRuleRef). If mode condition is not
correct, the Dcm module shall send calclulated negative response code of the refer-
enced DcmModeRule. c()
(0x23), and after verification of the validity of the request (see [SWS_Dcm_00493]
and [SWS_Dcm_00494]) the Dcm module shall call the callout Dcm_ReadMemory. c()
(0x23), if the request message contains different MemoryIdValue compare to the con-
figured values in DcmDspMemoryIdInfo container, the Dcm shall send a NRC 0x31
[SWS_Dcm_01158] d The configured ranges of memory address (DcmDspRead-
MemoryRangeHigh and DcmDspReadMemoryRangeLow or DcmDspReadMemo-
ryRangeByLabelHigh and DcmDspReadMemoryRangeByLabelLow) shall not
overlap each other. c()
parameter to ’memoryAddress + memorySize -1’) can be read in the current session
(see DcmDspReadMemoryRangeSessionLevelRef). If the session is not correct, the
Dcm module shall send NRC 0x31 (RequestOutOfRange). c()
[SWS_Dcm_00644] d If the operation Dcm_ReadMemory returns
DCM_READ_FAILED, the Dcm module shall send a negative response with NRC
code equal to the parameter ErrorCode parameter value. c()
[SWS_Dcm_00839] d If the call to Dcm_ReadMemory returns
DCM_READ_FORCE_RCRRP, the Dcm shall invoke the transmit request for RCR-RP
(NRC 0x78 transmission) and the Dcm shall not realize further invocation of the
operation till RCR-RP is transmitted. c()
text), Dcm_ReadMemory again with OpStatus = DCM_FORCE_RCRRP_OK. c()

Manager
7.5.2.19 Service 0x34 - RequestDownload
This service is used to request the start of a download process.

[SWS_Dcm_00496] d The Dcm module shall implement the RequestDownload (service
0x34) of the Unified Diagnostic Services. c(SRS_Diag_04033)
[SWS_Dcm_00856] d On reception of the UDS ServiceRequestDownload (0x34), the
Dcm shall check if the requested AddressAndLengthFormatIdentifier is sup-
ported (refer to configuration parameter DcmDspSupportedAddressAndLength-
FormatIdentifier), Otherwise the NRC 0x31 (requestOutOfRange) shall be re-
sponded. In case the container AddressAndLengthFormatIdentifier is not
present, the Dcm shall accept all possible AddressAndLengthFormatIdentifiers. c()
[SWS_Dcm_01057] d On reception of the UDS ServiceRequestDownload (0x34), if the
request message contains different MemoryIdValue compare to the configured values
in DcmDspMemoryIdInfo container, the Dcm shall send a NRC 0x31 (RequestOut-
OfRange). c()
[SWS_Dcm_01132] d NRC described in Table 7.30 shall be the responsibility of the
callout function.c()
NRC Use Case
0x31 requestOutOfRange The specified dataFormatIdentifier is not valid.
0x70 uploadDownload- An attempt to download to a server’s memory cannot be
NotAccepted accomplished due to some fault conditions.
Note: this NRC will be handled by the callout only if mode rule is
not used for this case
Table 7.30: NRC managed by callout function for service 0x34
Note: the callout function can, if needed, return also other NRC but the ones above
won’t be treated by the Dcm module.
[SWS_Dcm_00757] d If the operation Xxx_ProcessRequestDownload returns
value E_NOT_OK, the Dcm module shall send a negative response with NRC code
equal to the parameter ErrorCode parameter value. c()
[SWS_Dcm_01417] d Upon calling Xxx_ProcessRequestDownload, the Dcm shall
write the maximum possible buffer size into the BlockLength parameter. c
(SRS_Diag_04033)
[SWS_Dcm_01418] d If the function call Xxx_ProcessRequestDownload re-
turns a requested buffer length larger than the supported buffer length
of the current protocol connection, the Dcm shall report the Det error
DCM_E_INTERFACE_BUFFER_OVERFLOW. c(SRS_Diag_04033) For definition of
DCM_E_INTERFACE_BUFFER_OVERFLOW see Table 7.1.
[SWS_Dcm_01419] d If the function call Xxx_ProcessRequestDownload returns a
requested buffer length smaller or equal than the supported buffer length of the current

Manager
protocol connection, the Dcm shall return the BlockLength value within the maxNum-
berOfBlockLength parameter of the positive response. c(SRS_Diag_04033)
7.5.2.20 Service 0x35 - RequestUpload
This service is used to request the start of a upload process.

[SWS_Dcm_00499] d The Dcm module shall implement the RequestUpload (service
[SWS_Dcm_00857] d On reception of the UDS RequestUpload (0x35), the Dcm shall
check if the requested AddressAndLengthFormatIdentifier is supported (refer
to configuration parameter DcmDspSupportedAddressAndLengthFormatIden-
tifier), Otherwise the NRC 0x31 (requestOutOfRange) shall be responded. In case
the container AddressAndLengthFormatIdentifier is not present, the Dcm shall
accept all possible AddressAndLengthFormatIdentifiers. c()
[SWS_Dcm_01055] d On reception of the UDS RequestUpload (0x35), if the request
message contains different MemoryIdValue compare to the configured values in DcmD-
spMemoryIdInfo container, the Dcm shall send a NRC 0x31 (RequestOutOfRange).
c()
NRC Use Case
0x31 - requestOut- The specified dataFormatIdentifier is not valid.
OfRange
0x70 - uploadDownload- An attempt to download to a server’s memory cannot be
NotAccepted accomplished due to some fault conditions.
Note: this NRC will be handled by the callout only if mode rule is
not used for this case
[SWS_Dcm_00758] d If the operation Xxx_ProcessRequestUpload returns value
E_NOT_OK, the Dcm module shall send a negative response with NRC code equal to
the parameter ErrorCode parameter value. c()
[SWS_Dcm_01420] d Upon calling Xxx_ProcessRequestUpload, the Dcm shall
write the maximum possible buffer size into the BlockLength parameter. c
(SRS_Diag_04033)
[SWS_Dcm_01421] d If the function call Xxx_ProcessRequestUpload re-
turns a requested buffer length larger than the supported buffer length
of the current protocol connection, the Dcm shall report the Det error

Manager
DCM_E_INTERFACE_BUFFER_OVERFLOW. c(SRS_Diag_04033) For definition of

DCM_E_INTERFACE_BUFFER_OVERFLOW see Table 7.1.
[SWS_Dcm_01422] d If the function call Xxx_ProcessRequestUpload returns a re-
quested buffer length smaller or equal than the supported buffer length of the current
protocol connection, the Dcm shall return the BlockLength value within the maxNum-
berOfBlockLength parameter of the positive response. c(SRS_Diag_04033)
7.5.2.21 Service 0x36 - TransferData
This service is used to transfer data during a download or upload process.

[SWS_Dcm_00502] d The Dcm module shall implement the TransferData (service
[SWS_Dcm_00503] d On reception of the UDS Service TransferData (0x36), if a
download process is running (RequestDownload service has been previously re-
ceived) and the request format is correct, the Dcm module shall call the callout
Xxx_ProcessTransferDataWrite. c(SRS_Diag_04033)
[SWS_Dcm_00504] d On reception of the UDS Service TransferData (0x36), if
an upload process is running (RequestUpload service has been previously re-
ceived) and the request format is correct, the Dcm module shall call the callout
Xxx_ProcessTransferDataRead. c(SRS_Diag_04033)
[SWS_Dcm_00645] d On reception of the UDS Service TransferData (0x36), if a block
sequence error is detected, the Dcm module shall trigger a negative response with NRC
0x73 (WrongBlockSequenceCounter) c()
[SWS_Dcm_01444] d On reception of the UDS Service TransferData (0x36), if a file
download is running (RequestFileTransfer service has been previously received with
0x01 (AddFile) or 0x03 (ReplaceFile)) and the request format is correct, the Dcm mod-
ule shall call the callout Dcm_WriteFile(). c()
[SWS_Dcm_01445] d On reception of the UDS Service TransferData (0x36), if a file
or directory information upload is running (RequestFileTransfer service has been pre-
viously received with 0x04 (ReadFile) or 0x05 (ReadDir)) and the request format is
correct, the Dcm module shall call the callout Dcm_ReadFileOrDir(). c()
[SWS_Dcm_01173] d NRCs described in Table 7.32 shall be the responsibility of the
NRC Use Case
0x24 - requestSequenceError only for the following conditions:
If the RequestDownload or RequestUpload service
is active, but the server has already received all
data as determined by the memorySize parameter
in the active RequestDownload or RequestUpload
service

Manager
NRC Use Case

0x31 - requestOutOfRange Only for the following conditions:
The transferRequestParameterRecord contains
additional control parameters (e.g. additional
address information) and this control information is
invalid. The transferRequestParameterRecord is
not consistent with the server’s memory alignment
constraints
0x71 - transferDataSuspended The data transfer operation was halted due to
some fault.
0x72 - generalProgrammingFailure If the server detects an error when finalizing the
data transfer between the client and server (e.g.,
via an integrity check).
0x92 - voltageTooHigh The voltage measured is higher than the maximum
acceptable voltage for downloading data.
0x93 - voltageTooLow The voltage measured is under the minimum
acceptable voltage for downloading data.
Note: the callout function can, if needed, return also other NRCs but the ones above
7.5.2.22 Service 0x37 - RequestTransferExit
This service is used to terminate a download or upload process.

[SWS_Dcm_00505] d The Dcm module shall implement the RequestTransferExit (ser-
vice 0x37) of the Unified Diagnostic Services. c(SRS_Diag_04033)
NRC Use Case
0x24 - requestSequenceError The programming process is not completed when a
request for this service is received.
0x72 - generalProgrammingFailure If the server detects an error when finalizing the
data transfer between the client and server (e.g.,
via an integrity check).
[SWS_Dcm_00759] d If the operation Xxx_ProcessRequestTransferExit re-
turns value E_NOT_OK, the Dcm module shall send a negative response with NRC

Manager
7.5.2.23 Service 0x38 - RequestFileTransfer
[SWS_Dcm_01083] d The Dcm module shall implement the RequestFileTransfer (ser-

vice 0x38) of the Unified Diagnostic Services. c()
This service is used to request the start of a file transfer process according to ISO-
14229-1.
[SWS_Dcm_01446] d If the DcmRequestFileTransferUsePort is set to TRUE the
Dcm shall use C/S calls of the interface RequestFileTransfer for all RequestFileTransfer
related callouts. c()
[SWS_Dcm_01447] d If the DcmRequestFileTransferUsePort is set to FALSE
the Dcm shall use C function calls for all RequestFileTransfer related callouts. c()
[SWS_Dcm_01448] d If the fileSizeParameterLength parameter in the RequestFile-
Transfer request is present and outside the closed interval [0x01..0x08], the Dcm shall
send a negative response with NRC 0x31 (RequestOutOfRange). c()
[SWS_Dcm_01449] d If the modeOfOperation parameter in the RequestFileTransfer
request is not supported (0x00 or greater than 0x05), the Dcm shall send a negative
response with NRC 0x31 (RequestOutOfRange). c()
[SWS_Dcm_01450] d The Dcm shall process RequestFileTransfer according to [5] and,
in case of modeOfOperation equal to 0x01 (AddFile) call XXX_ProcessRequestAddFile
after the full length check. c()
[SWS_Dcm_01451] d The Dcm shall process RequestFileTransfer according
to [5] and, in case of modeOfOperation equal to 0x02 (DeleteFile) call
XXX_ProcessRequestDeleteFile after the full length check. c()
to [5] and, in case of modeOfOperation equal to 0x03 (ReplaceFile) call
XXX_ProcessRequestReplaceFile after the full length check. c()
to [5] and, in case of modeOfOperation equal to 0x04 (ReadFile) call
XXX_ProcessRequestReadFile after the full length check. c()
to [5] and, in case of modeOfOperation equal to 0x05 (ReadDir) call
XXX_ProcessRequestReadDir after the full length check. c()
[SWS_Dcm_01088] d If any of the file transfer operations XXX_ProcessRequest<yyy>
returns value E_NOT_OK, the Dcm module shall send a negative response with NRC
[SWS_Dcm_01455] d The Dcm shall use the value configured in DcmRequestFile-
TransferFileSizeOrDirInfoParameterLength as value sent in fileSizeOrDirIn-
foParameterLength in the response. c()

Manager

TransferFileSizeOrDirInfoParameterLength as number of bytes sent in file-
SizeUncompressedOrDirInfoLength and fileSizeCompressed in the response. c()
TransferLengthFormatIdentifier as value sent in lengthFormatIdentifier in the
response. c()
TransferLengthFormatIdentifier as number of bytes sent in maxNumberOf-
BlockLength in the response. c()
[SWS_Dcm_01457] d If the maxNumberOfBlockLength does not fit into the requested
lengthFormatIdentifier number of bytes, the Dcm shall send NRC 0x10 (generalReject).
c()
[SWS_Dcm_01458] d If the fileSizeUncompressedOrDirInfoLength or fileSizeCom-
pressed do not fit into the requested fileSizeOrDirInfoParameterLength number of
bytes, the Dcm shall send NRC 0x10 (generalReject). c()
7.5.2.24 Service 0x85 - ControlDTCSetting
An external test tool can request an ECU to either disable or enable DTC storage in the
ECUs error memory by sending a UDS Service 0x85 request with sub-function 0x01
("ON") or 0x02 ("OFF").
[SWS_Dcm_00249] d The Dcm module shall implement UDS Service ControlDTCSet-
ting (0x85) to enable or disable the storage of DTCs in the ECUs error memory. c
(SRS_Diag_04159)
[SWS_Dcm_01399] d If the Dcm receives a ControlDTCSetting (0x85) service with
DTCSettingControlOptionRecord != 0xFFFFFF, the Dcm shall send a NRC 0x31
(RequestOutOfRange).c(SRS_Diag_04159)
[SWS_Dcm_01063] d On reception of UDS Service 0x85 with subfunction 0x01 (DTC-
SettingType "ON"), the Dcm shall call Dem_EnableDTCSetting() with ClientId = Client
Id for this Dcm instance (see DcmDemClientRef). c(SRS_Diag_04115)
[SWS_Dcm_00783] d In case of Dem_EnableDTCSetting returns
E_OK (see [SWS_Dcm_01063]), the Dcm shall invoke a mode
switch of the ModeDeclarationGroupPrototype DcmControlDTC-
Setting by calling SchM_Switch_<bsnp>_DcmControlDTCSetting
(RTE_MODE_DcmControlDTCSetting_ENABLEDTCSETTING). c()
[SWS_Dcm_00406] d On reception of UDS Service 0x85 with subfunction 0x02 (DTC-
SettingType "OFF"), the Dcm shall call Dem_DisableDTCSetting() with ClientId = Client
Id for this Dcm instance (see DcmDemClientRef). c(SRS_Diag_04115)

Manager
[SWS_Dcm_00784] d In case of Dem_DisableDTCSetting returns

E_OK (see [SWS_Dcm_00406] ), the Dcm shall invoke a mode
switch of the ModeDeclarationGroupPrototype DcmControlDTC-
Setting by calling SchM_Switch_<bsnp>_DcmControlDTCSetting
(RTE_MODE_DcmControlDTCSetting_DISABLEDTCSETTING). c()
[SWS_Dcm_00751] d In case the DTCSetting is disabled and a transitions to de-
fault session or upon any diagnostic session change where the new session does
not support UDS Service ControlDTCsetting anymore, the Dcm module shall call
Dem_EnableDTCSetting() with the following parameters
and switch the mode DcmControlDTCSetting to DCM_ENABLEDTCSETTING. c()
For some use-cases the Dcm may re-enable the controlDTCsetting due to external
changed mode conditions:
[SWS_Dcm_00752] d In case the DTCSetting is disabled and at least one ref-
erenced arbitrary ModeDeclarationGroupPrototypes (see configuration parameter
DcmDspControlDTCSettingReEnableModeRuleRef) for service ControlDTCSet-
ting (0x85) with DTCSettingType "OFF" (0x02) are not fulfilled anymore, the Dcm mod-
ule shall call Dem_EnableDTCSetting() with the following parameters:
and switch the mode DcmControlDTCSetting to DCM_ENABLEDTCSETTINGc()
Note: If at least one ModeDeclarationGroupPrototypes is configured (see configuration
parameter DcmDspControlDTCSettingReEnableModeRuleRef) for service Con-
trolDTCSetting (0x85) with DTCSettingType "OFF" (0x02), it is recommended to acti-
vate the condition check for the according sub-function 0x02(see configuration param-
eter DcmDsdSubServiceModeRuleRef).
Note: This active observation of the referenced mode declaration groups can either be
achieved by polling the mode condition in each MainFunction cycle or by attaching to
the change notification of mode declaration group (SchM will trigger a BSWEntitiy in
Dcm on changes of this mode declaration group).
trolOptionRecord is set to true and the length of DTCSettingControlOptionRecord
in the request is different from 3 bytes, the Dcm shall return NRC 0x13 (Incorrect mes-
sage length or invalid format). c()
trolOptionRecord is set to false and the request contains any data after the sub-
function, the Dcm shall return NRC 0x13 (Incorrect message length or invalid format).
c()

Manager
7.5.2.25 Service 0x87 - LinkControl
This service is used to gain bus bandwidth for diagnostic purposes.

The Service LinkControl (0x87) is user optional. There are different project specific
use cases which are not handled in the default Dcm. One use case is to switch the
bandwidth in application an other use case performs an OEM bootloader jump.
Therefore the service LinkControl needs to be implemented project specific as external
service (refer to Chapter 8.8 Dcm as Service-Component).
7.5.3 OBD Services
7.5.3.1 Overview
The following table defines the OBD Services supported by the DCM.
Relevant OBD Ser- Support in the DCM
vice Identifier
$01 Supported
$02 Supported
$03 Supported
$04 Supported
$06 Supported
$07 Supported
$08 Supported
$09 Supported
$0A Supported
Table 7.34: Support for OBD services in the DCM
7.5.3.2 General behavior
In many cases, the Dcm protocol allows the bundling of several requests (for example
several "PIDs") and the corresponding bundling of the responses. The descriptions of
the behavior for the individual services do not explicitly consider this. As the Dcm needs
to comply with OBD standard (as is defined through various requirements below), the
Dcm might need to repeat the steps defined below to parse a request and assemble a
valid response.
In a vehicle there can be 3 different types of OBD ECUs:
• Master ECU (one per vehicle)
• Primary ECU (several per vehicle)
• Dependent / Secondary ECUs (several per vehicle)

Manager
From the Basic Software point of view Dependent / Secondary ECUs doesn’t need any
specific OBD functionality. In Dependent / Secondary ECUs OBD-relevant information
will not be stored in the Basic Software (e.g. no direct communication with the scan
tool). The respective OBD functionality might be handled in Dependent / Secondary
ECUs by a SWC.
The following OBD requirements are only valid for Master and Primary ECUs. If neces-
sary the OBD requirements differentiate between Master and Primary Requirement.
The following table gives an overview about which OBD functionality must be supported
in a Master ECU, Primary ECU or Dependent / Secondary ECU:
Functionality Master ECU Primary ECU Dependent /
Secondary ECU
OBD Scantool Yes Yes No
Communication
Table 7.35: Overview about OBD functionality in different OBD ECUs
[SWS_Dcm_00077] d When calling the DEM module for OBD services, the Dcm
module shall use the following values for the parameter DTCOrigin:
Service $0A uses DEM_DTC_ORIGIN_PERMANENT_MEMORY
All other services use DEM_DTC_ORIGIN_OBD_RELEVANT_MEMORY c
(SRS_Diag_04058)
7.5.3.3 Service $01 - Request Current Powertrain Diagnostic Data
[SWS_Dcm_00243] d The Dcm module shall implement the OBD service $01 (Request
Current Powertrain diagnostic Data) in compliance to all provisions of the OBD standard.
c()
Using Service $01, an external test tool can request an emission-related ECU to return
PID-values or to return the supported PIDs. OBD reserves certain PIDs for the special
purpose of obtaining the list of available PIDs in a certain range. These PIDs are called
"availability PIDs" and are $00, $20, $40, $60, $80, $A0, $C0 an $E0.
The Dcm collects the PID information from 1 to n SW-Cs. This applies in particular
for PIDs which contain several data values for potentially different sources. Example:
PID$83 reports Nox Sensor Data for sensor 1 and sensor 2 in one composed PID
which might come from different SW-C.
The Dcm configuration defines the PIDs that are available on the ECU. The Dcm con-
figuration defines for each such PID:
• The PID Identifier (see configuration parameter DcmDspPidIdentifier)
• Indication of the PID is used or not (for postbuild configuration) (see configuration
parameter DcmDspPidUsed)
• The size of the PID (see configuration parameter DcmDspPidSize)

Manager
• The supported information for this PID (see configuration parameter DcmDsp-
PidSupportInfo)
• List of data (DcmDspPidData) for the PID with the following configuration for
every data
– The length of the data associated with the PID (see configuration parameter
DcmDspPidDataByteSize)
– The position of the data in the PID (see configuration parameter DcmDsp-
PidByteOffset)
– The reference to the supported information container (see configuration pa-
rameter DcmDspPidDataSupportInfo)
– The Xxx_ReadData() function that the Dcm must call to obtain the current
value of the data or the name of the port that the Dcm uses to obtain the
current value through the RTE from a SW-C (see configuration parameters
DcmDspPidDataReadFnc and DcmDspPidDataUsePort)
[SWS_Dcm_00407] d On reception of an OBD Service $01 request with only "avail-
ability PIDs" as parameter, the Dcm shall respond with the corresponding supported
(=configured) PIDs encoded according to the OBD standard. c()
To obtain the value for a PID, the Dcm uses the configured Xxx_ReadData() functions
for every data of the PID. To provide OBD Service $01, the Dcm relies on external
functions that allow it to obtain the value of the PIDs. There is one such function per
data of every PID that is needed by the DCM.
When using a Xxx_ReadData() function, the Dcm provides a buffer of the correct length,
which is filled by the function with the data PID value.
[SWS_Dcm_00408] d On reception of an OBD Service $01 request with only PIDs
that are not "availability PIDs", the Dcm shall obtain the current value of these PIDs by
invoking the configured Xxx_ReadData() functions for every data of the PID and shall
return these values as response to Service $01. c()
[SWS_Dcm_00943] d On reception of an OBD Service $01 request with a mixure of
"avalibility PIDs" and not "avalibility PIDs", this request shall be ignored by the Dcm. c
()
The entity providing the actual implementation of the Xxx_ReadData() function for a
specific signal of a PID might be a SW-C or another basic software module. The origin
of the function is not known to the Dcm but is part of the Dcm configuration. Some
PIDs are provided by the DEM. These PIDs are also explicitly configured in the Dcm
configuration and it is the responsibility of a correct Dcm configuration to make the
Xxx_ReadData() function point to the correct function provided by the DEM.
[SWS_Dcm_CONSTR_6069] Dependency for DcmDspPidDataReadFnc d DcmD-
spPidDataReadFnc shall be only present if DcmDspPidDataUsePort is set to
USE_DATA_SYNCH_FNC. c()

Manager
For certain PIDs, the Dem provides the function to obtain the PID value. Which PIDs
come from the Dem are part of the Dcm configuration.
Note: For PIDs where Dem provides the function, DcmDspPidDataUsePort for that
PID should be set to USE_DATA_SYNCH_FNC and DcmDspPidDataReadFnc shall
point to the function Dem_DcmReadDataOfPID<NN> where <NN> represents the Id
of the PID.
The data byte A of the PIDs contain the support status of the subsequent data bytes.
Since not all data values might be available due to the particular vehicle configuration
(e.g. there is only a Nox-sensor 1 available in the vehicle in the example above), the
PID response contains in this data byte A the information about the support status of
the following data values. Note, that the PIDs always contain the same number of bytes
- even if not all values are really available.
[SWS_Dcm_00621] d If a PID contains support information (presence of DcmDsp-
PidDataSupportInfo container) the Dcm shall add the support information in the
diagnostic response. c()
[SWS_Dcm_00622] d If a PID contains support information (presence of DcmDspPid-
DataSupportInfo container) the Dcm shall calculate the support information value
according to the available data for this PID: for every DcmDspPidData container ex-
isting for this PID, the associated support information bits, referenced in DcmDspPid-
DataSupportInfo, shall be set to one c()
The response to the OBD-tester needs to be composed out of the available data values.
Data bytes that are not provided by an SW-C need to be replaced with fill-byte to obtain
a complete PID contents.
[SWS_Dcm_00623] d When responding to OBD Service $01, the Dcm shall put fill-bytes
between DcmDspPidData in the PID whenever content bytes are missing in order to
fit to the PID size (see configuration parameter DcmDspPidSize). c()
[SWS_Dcm_00944] d The Dcm shall set the fill bytes to 0x00. c()
Note: If other fill-bytes than 0x00 are needed by legistlation, the application has to
provide the value of the fill-byte.
and unsigned integer) into the response message of OBD Service $01 responses
the target endianness configured in DcmDspPidDataEndianness shall be con-
sidered for DcmDspPidData elements having DcmDspPidDataUsePort set to
USE_DATA_SENDER_RECEIVER or USE_DATA_SENDER_RECEIVER_AS_SERVICE.
In case DcmDspPidDataEndianness is not present, the DcmDspDataDefault-
Endianness shall be used instead. c()
[SWS_Dcm_CONSTR_6068] Dependency for DcmDspPidDataEndianness d In
case DcmDspPidDataEndianness is not present, the DcmDspDataDefaultEndi-
anness shall be used instead. c()

Manager
7.5.3.4 Service $02 - Request Power Train FreezeFrame Data
[SWS_Dcm_00244] d The Dcm shall implement OBD Service $02 (Request Power Train
FreezeFrame Data) in compliance to all provisions of the OBD standard. c()
For OBD-relevant FreezeFrames AUTOSAR only supports frame 0, which is the mini-
mum required by legislation.
[SWS_Dcm_00409] d The Dcm shall ignore all requests regarding record-numbers that
are not 0 c()
[SWS_Dcm_00972] d On reception of an OBD Service $02 request with a mixure of
"availability PIDs" and not "availability PIDs", this request shall be ignored by the Dcm.
c()
[SWS_Dcm_00973] d When responding to OBD Service $02, the Dcm shall put fill-bytes
between DcmDspPidData in the PID whenever content bytes are missing in order to
fit to the PID size (see configuration parameter DcmDspPidSize). c()
[SWS_Dcm_00974] d The Dcm shall set the fill bytes to 0x00. c()
Note: If other fill-bytes than 0x00 are needed by legislation, the application has to
provide the value of the fill-byte.
The following sections define how specific PIDs are handled by the Dcm.
7.5.3.4.1 Service $02 - PID$02
An external tester can request the DTC that caused a FreezeFrame to be stored by
using the Service $02 with the PID value $02.
[SWS_Dcm_00279] d On reception of a request for Service $02 with PID $02, the Dcm
shall call Dem_DcmGetDTCOfOBDFreezeFrame() with FrameNumber set to 0x00 to
get the DTC number. c(SRS_Diag_04058)
The Dem module returns the corresponding DTC. Note that this 2-byte DTC is packed
into the 4-byte data returned by the call to Dem_DcmGetDTCOfOBDFreezeFrame ().
see Dem specification on how this is done.
[SWS_Dcm_01061] d If Dem_DcmGetDTCOfOBDFreezeFrame returns E_NOT_OK,
the Dcm shall answer positively with $0000 (indicates no stored freeze frame data). c()
7.5.3.4.2 Service $02 - availability PID
Using Service $02, an external tester may request the supported PIDs for a specific
freeze-frame by using the "availability PIDs".

Manager
[SWS_Dcm_00284] d On reception of a service $02 request with an "availability PID",

the Dcm shall respond with the corresponding supported (=configured) PIDs encoded
according to the OBD standard. c()
7.5.3.4.3 Service $02 - other PIDs
Using Service $02, an external tester may request the values of specific PIDs in specific
FreezeFrames.
[SWS_Dcm_00286] d On reception of a service $02 request with a
PID that is not an "availability PID" and is not $02, the Dcm shall call
Dem_DcmReadDataOfOBDFreezeFrame() for every data of the PID with the
following parameter values:
• PID = the PID received in the OBD request
• DestBuffer = a buffer in which the callee can write the value of the PID
• BufSize = the size of the DestBuffer, this must be at least equal to the size needed
to store the value of the PID as configured in the DCM
• DataElementIndexOfPid = implicit index (from 0 to n) of the DataElement calcu-
lated by Dcm according to the order of the DataElement positions in the PID (see
parameter DcmDspPidByteOffset)
c()
Note that is not necessary for the Dcm module to lock or unlock the record updates of
the Dem module.
[SWS_Dcm_00287] d Upon the completion of [SWS_Dcm_00286], the Dcm shall gen-
erate a response message including the respective PID, FreezeFrame Number and
the associated data record for the requested FreezeFrame number. c()
[SWS_Dcm_01252] d If Dem_DcmReadDataOfOBDFreezeFrame() returns
E_NOT_OK and a single PID is requested, the Dcm shall not provide any answer. c()
E_NOT_OK and all PIDs from the requested multiple PID(s) are not supported,
the Dcm shall not provide any answer. c()
E_NOT_OK and at least one PID from the requested multiple PID(s) is sup-
ported, the Dcm shall send a positive response including the data of the supported
PID(s). c()

Manager
7.5.3.5 Service $03 $07 $0A - Obtaining DTCs
[SWS_Dcm_00245] d The Dcm module shall implement OBD Service $03 (Request
emission-related diagnostic trouble codes) in compliance to all provisions of the OBD
standard. c()
Emission-Related Diagnostic Trouble Codes Detected during Current or Last Com-
pleted Driving Cycle) in compliance to all provisions of the OBD standard. c()
[SWS_Dcm_00411] d The Dcm module shall implement OBD Service $0A (Request
Emission-Related Diagnostic Trouble Codes with Permanent Status) in compliance to
all provisions of the OBD standard. c()
An external test tool can request an emission-related ECU to report all stored, pending
or permanent emission-related DTCs by sending the request $03, $07, $0A respec-
tively.
[SWS_Dcm_00289] d When receiving a request for OBD Service $03, the Dcm module
shall obtain from the DEM all DTCs in primary memory and with a "confirmed" status
using the functions Dem_SetDTCFilter() and Dem_GetNextFilteredDTC(). c()
Note: The Dcm module can get an indication of the number of records that will be
found using Dem_GetNextFilteredDTC() by using Dem_GetNumberOfFilteredDTC().
through the DTCs.
shall obtain from the DEM module all DTCs in primary memory with a "pending" status
using the functions Dem_SetDTCFilter() and Dem_GetNextFilteredDTC(). c()
through the DTCs.
[SWS_Dcm_00330] d When receiving a request for OBD Service $0A, the Dcm module
shall obtain from the DEM all DTCs stored in permanent memory using the functions
Dem_SetDTCFilter() and Dem_GetNextFilteredDTC(). c()
through the DTCs.
The following table illustrates the parameters the Dcm module must use when calling
Dem_SetDTCFilter() in response to a request for OBD Service $03, $07 or $0A.
Parameters to Dem_SetDTCFilter
OBD Service $03 $07 $0A

Manager
Parameters to Dem_SetDTCFilter
DTCStatusMask 0x08 (confirmed bit 0x04(pending bit set) 0x00
set)
DTCFormat DEM_DTC_ DEM_DTC_ DEM_DTC_
FORMAT_OBD FORMAT_OBD FORMAT_OBD
DTCOrigin DEM_DTC_ORIGIN_ DEM_DTC_ORIGIN_ DEM_DTC_ORIGIN_
OBD_RELEVANT_ OBD_RELEVANT_ PERMANENT
MEMORY MEMORY
FilterWithSeverity DEM_FILTER_WITH_ DEM_FILTER_WITH_ DEM_FILTER_WITH_
SEVERITY_NO SEVERITY_NO SEVERITY_NO
DTCSeverityMask Not relevant Not relevant Not relevant
FilterForFaultDetec- DEM_FILTER_FOR_ DEM_FILTER_FOR_ DEM_FILTER_FOR_
tionCounter FDC_NO FDC_NO FDC_NO
Table 7.36: Dem_SetDTCFilter Parameters
implementation of this service.
[SWS_Dcm_01227] d Dem_GetNextFilteredDTC returns
trieved before, the Dcm shall send a positive response including these data elements
and the number of DTCs. c()
[SWS_Dcm_01228] d If Dem_GetNextFilteredDTC returns
fore, the Dcm shall send a positive response with the number of DTCs set to 0x00. c
()
7.5.3.6 Service $04 - Clear/reset emission-related diagnostic information
[SWS_Dcm_00246] d The Dcm module shall implement OBD Service $04 (Clear/re-
set emission-related diagnostic information) in compliance to all provisions of the OBD
standard. c()
An external test tool can request an emission-related ECU to clear the error memory
by sending the request $04.
shall call the interface Dem_SelectDTC with the following parameter values:
• DTC = DEM_DTC_GROUP_ALL_DTCS

Manager
• DTCFormat = DEM_DTC_FORMAT_OBD
• DTCOrigin = DEM_DTC_ORIGIN_OBD_RELEVANT_MEMORY
c(SRS_Diag_04058)
Note: this interface will always return E_OK.
[SWS_Dcm_01401] d After calling Dem_SelectDTC, the Dcm shall call the interface
Dem_ClearDTC() with the following parameter value:
c()
[SWS_Dcm_00413] d In case Dem_ClearDTC() returns E_OK, the Dcm module shall
send a positive response. c()
[SWS_Dcm_00703] d In case Dem_ClearDTC() returns DEM_PENDING, the Dcm
shall invoke Dem_ClearDTC() on next Dcm_MainFunction call again. It is up to the
Dcm to send NRC 78 (ResponsePending) to respect the response behaviour c()
[SWS_Dcm_00704] d In case Dem_ClearDTC() returns DEM_CLEAR_FAILED, the
Dcm shall send a negative response 0x22 (conditionsNotCorrect). c()
[SWS_Dcm_00967] d In case Dem_ClearDTC() returns DEM_CLEAR_BUSY, the Dcm
shall send a negative response 0x22 (ConditionsNotCorrect). c()
[SWS_Dcm_01067] d In case Dem_ClearDTC() returns
DEM_CLEAR_MEMORY_ERROR, the Dcm module shall send a negative response
0x22 (ConditionNotCorrect). c()
7.5.3.7 Service $06 - Request On-Board Monitoring Test-results for Specific

Monitored Systems
7.5.3.7.1 General requirements
On-Board Monitoring Test-results for Specific Monitored Systems) in compliance to all
provisions of the OBD standard. c()
Using Service $06, an external test tool can request an emission-related ECU to return
the DTR’s associated with the OBDMID or to return the supported OBDMIDs. OBD
reserves certain OBDMIDs for the special purpose of obtaining the list of supported
OBDMIDs in a certain range. These OBDMIDs are called "availability OBDMIDs" and
are $00, $20, $40, $60, $80, $A0, $C0 an $E0.
A tester request for supported OBDMIDs may contain up to six (6) "availability OBD-
MIDs".

Manager
[SWS_Dcm_00945] d On reception of an OBD Service $06 request with "availability

OBDMIDs" together with other OBDMIDs as parameter, the Dcm module shall ignore
the request. c()
[SWS_Dcm_00956] d On reception of an OBD Service $06 request with multiple non-
availability OBDMIDs, the Dcm module shall ignore the request. c()
7.5.3.7.2 Test results obtained via Dem interaction
The maintenance of the DTRs lies within the responsibility of the DEM. SW-Cs report-
ing DTRs use dedicated interfaces offered by the DEM. Upon requests from the tester
the Dcm retrieves the information from the DEM using dedicated DEM interfaces. There
is no direct interaction between the Dcm and SW-Cs.
[SWS_Dcm_00957] d On reception of an OBD Service $06 request with only "avail-
ability OBDMID(s)" as parameter(s), the Dcm module shall obtain the supported OB-
DMIDs by calling the Dem interface Dem_DcmGetAvailableOBDMIDs()for each "avail-
ability OBDMID ($00, $20, ...)" contained within the request and concatenate the re-
sults within the response message according to ISO-15031-5 [2]. c()
[SWS_Dcm_00958] d On reception of an OBD Service $06 request with an OBDMID
that is not an "availability OBDMID", the Dcm module shall call the DEM interface
Dem_DcmGetNumTIDsOfOBDMID() to obtain the TIDs available for the requested OB-
DMID and then recurrently call the interface Dem_DcmGetDTRData() for the number
of reported TIDs to obtain the associated DTR data. c()
7.5.3.8 Service $08 - Request Control of On-Board System, Test or Component
Control of On-Board System, Test or Component) in compliance to all provisions of the
OBD standard. c()
Using Service $08, an external test tool can control an on-board system, test or com-
ponent using a TID. OBD reserves certain TIDs for the special purpose of obtaining the
list of supported TIDs in a certain range. These TIDs are called "availability TIDs" and
are $00, $20, $40, $60, $80, $A0, $C0 an $E0.
The Dcm module’s configuration defines the TIDs that are available on the ECU for
the purpose of OBD Service $08. The configuration defines for each such TID (see
configuration parameter DcmDspRequestControlTestId):
• the name of the port the Dcm uses to access the RequestControlServices inter-
face (see configuration parameter DcmDspRequestControl)
• the number of bytes this function takes as input (see configuration parameter
DcmDspRequestControlInBufferSize)

Manager
• the number of bytes this function writes as output (see configuration parameter
DcmDspRequestControlOutBufferSize)
To provide OBD Service $08, the Dcm relies on external functions configured per TID.
[SWS_Dcm_00418] d On reception of an OBD Service $08 request with one or more
"availability TIDs" as parameter, the Dcm module shall respond with the corresponding
supported (=configured) TIDs. c()
[SWS_Dcm_00947] d On reception of an OBD Service $08 request "availability TIDs"
together with other TIDs as parameter, the Dcm module shall ignore the request. c()
[SWS_Dcm_00419] d On reception of an OBD Service $08 request with a TID that is not
an "availability TID", the Dcm module shall invoke the configured Xxx_RequestControl()
function with the following parameters values: InBuffer: data contained in the OBD
request (the size of which must correspond to the size configured in the Dcm module’s
configuration) OutBuffer: space in which the RequestControl function can store its
result (the size of the buffer is taken from the Dcm module’s configuration) c()
[SWS_Dcm_00420] d After the execution of [SWS_Dcm_00419], the Dcm module shall
respond to the service request using the data stored by the RequestControl function in
the OutBuffer. c()
[SWS_Dcm_00948] d As specified in [3, SAE J1979], unused data bytes shall be filled
with $00. c()
[SWS_Dcm_01192] d If Xxx_RequestControl() doesn’t return E_OK, the Dcm shall re-
turn NRC 0x22. c()
7.5.3.9 Service $09 - Request Vehicle Information
Vehicle Information) in compliance to all provisions of the OBD standard. c()
Using Service $09, an external test tool can request vehicle information or can obtain
lists of supported vehicle information. OBD reserves certain InfoTypes for the special
purpose of obtaining the list of supported InfoTypes in a certain range. These Infotypes
are called "availability InfoTypes" and are $00, $20, $40, $60, $80, $A0, $C0 an $E0.
The Dcm module’s configuration defines the InfoTypes and associated data that are
available on one or several SW-C. The configuration defines for each such InfoType:
• The value of InfoType (see configuration parameter DcmDspVehInfoInfoType)
• For every data of the InfoType:
– The position of this data in the InfoType (see configuration parameter DcmD-
spVehInfoDataOrder)
– the size of the value of the InfoType data (see configuration parameter
DcmDspVehInfoDataSize)

Manager
– the function that the Dcm module must call to obtain the value for this Info-
Type data OR the port-name through which the Dcm module can obtain the
value for this InfoType data (see configuration parameter DcmDspVehInfo-
DataReadFnc and DcmDspVehInfoDataUsePort).
To provide OBD Service $09, the Dcm relies on external functions that allow it to obtain
the value of an InfoType data. There is one such function per InfoType data that is
needed by the DCM.
When invoking a Xxx_GetInfotypeValueData() function, the Dcm module provides a
buffer of the correct size in which the value of the InfoType data can be stored. The
entity providing the actual implementation of the Xxx_GetInfotypeValueData() function
for a specific InfoType data might be a SW-C or another basic software module. The
origin of the function is part of the Dcm module’s configuration.
Certain InfoTypes needed by the Dcm to provide Service $09 are provided by the DEM.
This is handled in the Dcm configuration.
[SWS_Dcm_00422] d On reception of an OBD Service $09 request with one or more
"availability InfoTypes" as parameter, the Dcm module shall respond with the corre-
sponding supported (=configured) InfoTypes. c()
[SWS_Dcm_00949] d On reception of an OBD Service $09 request "availability Info-
Types" together with other InfoTypes as parameter, the Dcm module shall ignore the
request. c()
[SWS_Dcm_00423] d On reception of an OBD Service $09 request for an InfoType that
is not an "availability InfoType", the Dcm module shall obtain the value of this InfoType
by invoking all the configured Xxx_GetInfotypeValueData() function for every data of
this InfoType and shall return the value as response to Service $09 c()
[SWS_Dcm_00684] d In case DcmDspVehInfoNODIProvResp is set to FALSE, in
addition to collect the available InfoType value contributions from the individual SW-C,
the Dcm shall compute the data byte NofDataItems in the diagnostic response, which
defines the number of DataItems included in one InfoType. c()
Note: The Calculation of the Calibration Identification (CAL-ID) and Calibration Verifi-
cation Number (CVN) is not a BSW Task and will not handled within the DCM.
[SWS_Dcm_01167] d In case DcmDspVehInfoNODIProvResp is set to TRUE, the
Dcm shall take over the value returned by the provider and report it as NofDataItems in
the diagnostic response. c()
[SWS_Dcm_CONSTR_6045] d In case the responsibility is on provider side (DcmD-
spVehInfoNODIProvResp is set to TRUE), only one DcmDspVehInfoData con-
tainer shall be allowed. c()
[SWS_Dcm_CONSTR_6046] d In case DcmDspVehInfoDataUsePort
is set to FALSE and DcmDspVehInfoDataReadFnc is set to either
Dem_DcmGetInfoTypeValue08 or Dem_DcmGetInfoTypeValue0B then DcmD-
spVehInfoNODIProvResp shall be set to TRUE. c()

Manager
Note : The integrator has to make sure that the buffer determined by the DcmDspVe-
hInfoDataSize is sufficiently sized to receive the data returned by the provider of
the data.
[SWS_Dcm_01191] d If Xxx_GetInfoTypeValueData() doesn’t return E_OK or
E_PENDING, the Dcm shall return NRC 0x12. c()
7.5.4 Interaction usecases
The Dcm shall be able to manage a jump to the bootloader / jump due to ECUReset
request. Due to the diversity of possibility to realize this jump, this will be done using
callout call.
7.5.4.1 Jump to Bootloader
4 different use cases have been identified for the jump to the bootloader, if all precon-
ditions are fulfilled and assuming the ’suppressPosRspMsgIndicationBit ’ flag is set to
’false’:
1. The application immediately sends a final positive response and then jumps to
the bootloader
2. The application first sends a NRC 0x78 response, then the final positive response
and afterwards jumps to the bootloader
3. The application immediately jumps to the bootloader and the bootloader sends
the final positive response
4. The application first sends a NRC 0x78 response, then jumps to the bootloader
and the bootloader sends the final positive response
Note: In case the ’suppressPosRspMsgIndicationBit’ flag is set to ’true’, use case ’1’
and use case ’3’ will not issue a positive response.
[SWS_Dcm_00532] d On reception of service DiagnosticSessionControl if the pro-
vided session is used to jump to OEM bootloader (parameter DcmDspSessionFor-
Boot set to DCM_OEM_BOOT or DCM_OEM_BOOT_RESPAPP) the Dcm shall pre-
pare the jump to the OEM bootloader (see [SWS_Dcm_00535]) by triggering the mode
switch of ModeDeclarationGroupPrototype DcmEcuReset to JUMPTOBOOTLOADER.
c(SRS_Diag_04098)
Note: By this mode switch the Dcm informs the BswM to prepare the jump to the boot-
loader.
[SWS_Dcm_00592] d On reception of service DiagnosticSessionControl if the pro-
vided session is used to jump to System Supplier bootloader (parameter DcmDspSes-
sionForBoot set to DCM_SYS_BOOT or DCM_SYS_BOOT_RESPAPP) the Dcm
shall prepare the jump to the System Supplier bootloader (see [SWS_Dcm_00535])

Manager
by triggering the mode switch of ModeDeclarationGroupPrototype DcmEcuReset to

JUMPTOSYSSUPPLIERBOOTLOADER c(SRS_Diag_04098)
Note: By this mode switch the Dcm informs the BswM to prepare the jump to the boot-
loader.
[SWS_Dcm_01164] d In case the service DiagnosticSessionControl implies an ECU
reset, the Dcm shall ignore all further requests while that reset is being processed. c()
[SWS_Dcm_00654] d In case the ModeDeclarationGroupPrototype DcmEcuRe-
set is switched to mode JUMPTOBOOTLOADER or JUMPTOSYSSUPPLIERBOOT-
LOADER and the configuration parameter DcmSendRespPendOnRestart is set to
TRUE, the Dcm shall trigger transmission of NRC 0x78 - RCR-RP. c(SRS_Diag_04098)
Note: This final transmission of NRC 0x78 before switching to Bootloader shall reload
the P2* timeout in the client.
[SWS_Dcm_01175] d In case the ModeDeclarationGroupPrototype DcmEcuReset can
not be switched JUMPTOBOOTLOADER or JUMPTOSYSSUPPLIERBOOTLOADER,
the Dcm shall answer negatively to the request with NRC 0x22 (Conditions not correct).
c()
[SWS_Dcm_00535] d If the jump to bootloader is requested (see [SWS_Dcm_00532],
[SWS_Dcm_00592], the configuration parameter DcmSendRespPendOnRestart is
set to TRUE (see [SWS_Dcm_00654]) and the configuration parameter DcmDspSes-
sionForBoot is set to DCM_OEM_BOOT or DCM_SYS_BOOT, the Dcm shall call
Dcm_SetProgConditions after a successful transmission of NRC 0x78 (Response
pending). c(SRS_Diag_04098)
This will allow to store all relevant information prior to jumping to the bootloader.
Note: It is up to the software integrator to decide where to store that data. Usually it
will be stored in non-volatile memory like e.g. data flash. It is also acceptable to "store"
this data in a RAM section which is not initialized out of reset.
[SWS_Dcm_01163] d In the context of a request to jump to the bootloader (see
[SWS_Dcm_00532] and [SWS_Dcm_00592]), after Dcm_SetProgConditions re-
turns E_OK according to [SWS_Dcm_00535], the Dcm shall trigger the mode
switch of the ModeDeclarationGroupPrototype DcmEcuReset to EXECUTE. c
(SRS_Diag_04098)
[SWS_Dcm_01177] d If the jump to bootloader is requested (see [SWS_Dcm_00532],
[SWS_Dcm_00592], the configuration parameter DcmSendRespPendOn-
Restart is set to TRUE (see [SWS_Dcm_00654]), and the configuration pa-
rameter DcmDspSessionForBoot is set to DCM_OEM_BOOT_RESPAPP or
DCM_SYS_BOOT_RESPAPP, the Dcm shall initiate the final response after a
successful transmission of NRC 0x78 (Response pending). c(SRS_Diag_04098)
[SWS_Dcm_00995] d If the NRC 0x78 (Response Pending) response in
[SWS_Dcm_00535] is not sent successfully the Dcm shall cancel the current request.
c()

Manager
[SWS_Dcm_00997] d If the NRC 0x78 (Response Pending) response in

[SWS_Dcm_00535] is not sent successfully no jump to the bootloader shall be per-
formed c()
Note: If the NRC 0x78 (Response Pending) response has not been sent correctly the
Dcm will stay in the application and wait for the next request from the Client.
[SWS_Dcm_01178] d In case the ModeDeclarationGroupPrototype DcmEcuRe-
set is switched to mode JUMPTOBOOTLOADER or JUMPTOSYSSUPPLIER-
BOOTLOADER, the configuration parameter DcmSendRespPendOnRestart is set
to FALSE and the configuration parameter DcmDspSessionForBoot is set to
DCM_OEM_BOOT_RESPAPP or DCM_SYS_BOOT_RESPAPP , the Dcm shall initi-
ate the final response c()
[SWS_Dcm_01179] d In case the final response has been successfully sent
according to [SWS_Dcm_01177] or [SWS_Dcm_01178], the Dcm shall call
Dcm_SetProgConditions c()
[SWS_Dcm_01180] d If Dcm_SetProgConditions returns E_OK according to
[SWS_Dcm_01179], the Dcm shall trigger the mode switch of the ModeDeclara-
tionGroupPrototype DcmEcuReset to EXECUTE. c()
[SWS_Dcm_01181] d If Dcm_SetProgConditions returns E_NOT_OK according to
[SWS_Dcm_01179], the Dcm shall not request any reset, shall not perform the jump to
bootloader, and shall not switch the ModeDeclarationGroupPrototype DcmEcuReset to
EXECUTE. c()
[SWS_Dcm_00720] d In case the ModeDeclarationGroupPrototype DcmE-
cuReset is switched to mode JUMPTOBOOTLOADER or JUMPTOSYSSUP-
PLIERBOOTLOADER, the configuration parameter DcmSendRespPendOn-
Restart is set to FALSE and the configuration parameter DcmDspSession-
ForBoot it set to DCM_OEM_BOOT or DCM_SYS_BOOT, the Dcm shall
call Dcm_SetProgConditions immediately. (see [SWS_Dcm_00532] and
[SWS_Dcm_00592]) c()
[SWS_Dcm_00719] d If Dcm_SetProgConditions returns E_OK according to
[SWS_Dcm_00720], the Dcm shall shall trigger the mode switch of the ModeDecla-
rationGroupPrototype DcmEcuReset to EXECUTE without sending a NRC 0x78 (Re-
sponse pending). c()
In case of [SWS_Dcm_00719], the exact response handling depends on the state of
the ’suppressPosRspMsgIndicationBit’ (TRUE or FALSE) in the request message.
[SWS_Dcm_00715] d If the jump to bootloader is requested (see [SWS_Dcm_00532]
and [SWS_Dcm_00592]) and if the call to Dcm_SetProgConditions returns
E_NOT_OK (see [SWS_Dcm_00535] and [SWS_Dcm_00720]), no further action shall
be taken by the Dcm and negative response NRC 0x22 (Conditions not correct) shall be
returned. c()

Manager
7.5.4.2 Jump due to ECUReset
On reception of an ECUReset Service 0x11 request, if the configuration parameter

DcmResponseToEcuReset is set to AFTER_RESET, the Dcm will set the Respon-
seRequired flag by calling Dcm_SetProgConditions.
[SWS_Dcm_01423] Answer to ECUReset request d On reception of an ECUReset
Service 0x11 request, if DcmResponseToEcuReset is set to AFTER_RESET, the Dcm
shall answer to EcuReset service after the reset. c(SRS_Diag_04098)
[SWS_Dcm_01424] Answer to ECUReset request d On reception of an ECUReset
Service 0x11 request, if DcmResponseToEcuReset is set to BEFORE_RESET, the
Dcm shall answer to EcuReset service before the reset. c(SRS_Diag_04098)
[SWS_Dcm_01425] Answer to ECUReset request d If the Dcm intiates a reset and
DcmSendRespPendOnRestart is set to TRUE, the Dcm shall trigger transmission of
NRC 0x78 (Response pending) before the reset. c(SRS_Diag_04098)
7.5.4.3 Jump from Bootloader / ECUReset
[SWS_Dcm_00536] d At Dcm initialization, the Dcm shall call

Dcm_GetProgConditions to know if the initialization is the consequence of a
jump from the bootloader / ECUReset. c(SRS_Diag_04098)
Note: It is the responsibility of the software integrator to ensure that the data contained
in Dcm_ProgConditionsType is valid when Dcm_Init is called. E.g. if this data is
stored in non-volatile memory, it may take some time to make it available after an ECU
reset. This has to be taken into account when designing the ECU’s startup process.
[SWS_Dcm_00537] d If the initialization of the Dcm is the consequence of a
jump from the bootloader / ECUReset (see [SWS_Dcm_00536], the Dcm shall call
ComM_DCM_ActiveDiagnostic(NetworkId) to request the ComManager for the full
communication mode. c()
[SWS_Dcm_00767] d When the ComM reports full communication to the Dcm, the Dcm
shall send the Response to the Service Id passed in the Dcm_ProgConditionsType. c
(SRS_Diag_04098)
[SWS_Dcm_00768] d If the initialization of the Dcm is the consequence of a jump
from the bootloader (see [SWS_Dcm_00536] and the application is updated by an
FLASH download (Dcm_ProgConditionsType.ApplUpdated == True), the Dcm shall call
BswM_Dcm_ApplicationUpdated() to notify the BswM that the application was updated.
c()

Manager
7.5.4.4 Flags management
7.5.4.4.1 Jump to Bootloader
[SWS_Dcm_01182] d On reception of a UDS Service 0x10 request (Diagnostic Session

Control) with subfunction 0x02 (Start Programming Session), the Dcm shall set the
ReprogramingRequest flag and, if indicated for this service, the ResponseRequired
flag by calling Dcm_SetProgConditions. c()
[SWS_Dcm_01183] d Depending on configuration parameter DcmDspSessionFor-
Boot, either the application shall send the positive response (if suppressPosRspMs-
gIndicationBit = FALSE) or after an ECU reset, when the bootloader is started, it shall
send a response and clear the ResponseRequired flag. In either case, the bootloader
shall clear the ReprogramingRequest flag. c()
[SWS_Dcm_01185] d In case that, during jump to Bootloader, the
Dcm_SetProgConditions API returns E_NOT_OK, a DET error shall be re-
ported (DCM_E_SET_PROG_CONDITIONS_FAIL) and normal functionality shall
resume. c()
7.5.4.4.2 Jump from Bootloader
After successful reprograming of the application software, the bootloader will update
the ApplUpdated flag and the ResponseRequired flags.
After an ECU reset, when the newly programmed application is started for the first
time, the Dcm will read the ApplUpdated and ResponseRequired flag by calling
Dcm_GetProgConditions. During this function call the ApplUpdated and Respon-
seRequired flags are cleared by the integration code.
7.6 Error notification

The Default Error Tracer module is just help for BSW development and integration. It
must not be contained inside the production code. The API is defined, but the function-
ality can be chosen and implemented according to the development needs (e.g. errors
count, send error information via a serial interface to an external logger, and so on).
7.7 Synchronous and Asynchronous implementation

The Dcm can access data using an R-Port requiring either a syn-
chronous or an asynchronous ClientServertInterface DataServices_{Data}.
In the Dcm SWS, the parameter DcmDspDataUsePort is set to
or USE_DATA_ASYNCH_CLIENT_SERVER_ERROR.

Manager
In case of USE_DATA_SYNCH_CLIENT_SERVER, the interface shall be com-

patible with the Dem interface "DataServices_<Data>" (no OpStatus param-
eter). The parameter OpStatus and return parameter DCM_E_PENDING
shall only be available in case of USE_DATA_ASYNCH_CLIENT_SERVER or
USE_DATA_ASYNCH_CLIENT_SERVER_ERROR.
Note: a Dcm implementation using AsynchronousServerCallPoint or Syn-
chronousServerCallPoint when calling service processors is completely an im-
plementation decision. This only indicates that the operation uses the status of
the operation to allow an asynchronous processing by the SW-C (initiating a re-
quest, checking if a request is still pending, or canceling a pending request, see
[SWS_Dcm_00686]).
There is no correlation to the operation signature (i.e. existence of OpStatus parameter
and DCM_E_PENDING return code) that demands AsynchronousServerCallPoint or
SynchronousServerCallPoint usage.
[SWS_Dcm_01187] d If an asynchronous interface is used, the Dcm shall consider the
Output data (OUT) only valid after the last call to the interface that returns E_OK. c()
[SWS_Dcm_01188] d If an asynchronous interface is used, the Dcm shall consider
the OUT-parameter ErrorCode only valid after the last call to the interface that returns
E_NOT_OK c()
Note : The "last call" to the interface is the call that returns with a value that indicates
that processing has finished, i.e. E_OK or E_NOT_OK.
Note : INOUT parameter are a combination of the requirements above, i.e. on each
call of the interface the parameters shall have a valid in-value, and the Dcm considers
the out-value valid only after the last call of the interface.
[SWS_Dcm_01189] d If an asynchronous interface is used, the Dcm shall provide the
values originating from the request for the Input data (IN) on every call to the interface.
c()
Note: Requirements [SWS_Dcm_01187], [SWS_Dcm_01188] and
[SWS_Dcm_01189] do not apply for functions where a deviant behaviour is ex-
plicitly specified.
7.8 DID configuration

The configuration of the Dcm contains a list of supported DIDs which can be configured
in two ways:
• The individual DID configuration,which required one connection (either via a port
or a c-function) per configured data element of the respective DID to access to
the data (reading, writing and controlling). The interface DataServices should be
used for each DID in this case.

Manager
• The DID range configuration, used to handle a set of DIDs sharing the same
behavior uniformly in one SW-C with only one port-connection. The interface
DataServices_DIDRange_{Range} should be used in this case. Using this con-
figuration allows an interface optimization.The following parameters shall be con-
figured in order to use the DIDRange optimization: DcmDspDidRangeIdenti-
fierLowerLimit and DcmDspDidRangeIdentifierUpperLimit which de-
limited the range of the DIDs. DcmDspDidRangeMaxDataLength and DcmD-
spDidRangeHasGaps.
[SWS_Dcm_01174] d If DcmVinRef is configured then the VIN shall be fetched once
by the Dcm during startup by calling Dcm_GetVin. c()
7.8.1 Individual DID
The individual DID can be configured in ECUC_Dcm_00601: DcmDspDid. A unique

DID identifier is configured on 2 bytes in ECUC_Dcm_00602: DcmDspDidIdenti-
fier. In case the DID refers to other DIDs, the link between them can be configured
in ECUC_Dcm_00606 : DcmDspDidRef2 . Each DID allows to access to signal data
values (by reading and/or writing). The signal reference (to DcmDspData) and the po-
sition of the data in the diagnostic answer (for reading) or request (for writing) can be
configured in ECUC_Dcm_00813: DcmDspDidSignal.
The configuration of the data belonging to the DID can be provided in the container
DcmDspData (ECUC_Dcm_00869). This container collects the following information:
• The Data endianness of the data belonging to the DID (ECUC_Dcm_00986:
DcmDspDataEndianness)
• The length and the type of the data (ECUC_Dcm_00605: DcmDspDataByte-
Size, ECUC_Dcm_00985 : DcmDspDataType)
• The interface to be used to access to the data (ECUC_Dcm_00713: DcmDsp-
DataUsePort)
• The NRAM blockId to access the data (ECUC_Dcm_00809 : DcmDspDat-
aBlockIdRef)
• The interfaces to the application in order to :
– Check if the DID can be accessed in the current conditions. This
can be achieved by checking for each DataElement if the conditions
to read the data are satisfied (ECUC_Dcm_00677: DcmDspDataCon-
ditionCheckReadFnc and ECUC_Dcm_00955: DcmDspDataCondi-
tionCheckReadFncUsed)
– Request to freeze the current state of an IOControl (ECUC_Dcm_00674:
DcmDspDataFreezeCurrentStateFnc)
2
Overview of DcmDspDid container is described in chapter 10.2.5.7.1

Manager
– Get the scaling information of the DID. This can be achieved by getting the
scaling information for each DataElement (ECUC_Dcm_00676: DcmDsp-
DataGetScalingInfoFnc)
– Request the data length of a DataElement (ECUC_Dcm_00671: DcmDsp-
DataReadDataLengthFnc)
– Read a certain ECU signal (ECUC_Dcm_00824: DcmDspDataReadE-
cuSignal).
– Access in reading or writing to the data (ECUC_Dcm_00669 : DcmDsp-
DataReadFnc, ECUC_Dcm_00670: DcmDspDataWriteFnc)
– Request to reset an IOControl to default value (ECUC_Dcm_00673 : DcmD-
spDataResetToDefaultFnc)
– Request to return control to ECU of an IOControl (ECUC_Dcm_00672 :
DcmDspDataReturnControlToEcuFnc)
– Request to adjust the IO signal (ECUC_Dcm_00675 : DcmDspDataShort-
TermAdjustmentFnc)
It is also possible to configure an alternative diagnosis representation via
ECUC_Dcm_00993: DcmDspDiagnosisScaling.
The following example shows how to configure the containers DcmDspDid and DcmD-
spData for an individual DID 0xF080. This configuration allows access to a byte
of data via synchronous C APIs WriteDID_F080 (for writing) and ReadDID_F080 (for
reading).
• DcmDspDidIdentifier=0xF080
• DcmDspDidByteOffset=0
• DcmDspDidDataRef=DcmDspData_F080
• DcmDspDataByteSize=8
• DcmDspDataType=UINT8_N
• DcmDspDataUsePort=USE_DATA_SYNCH_FNC
• DcmDspDataWriteFnc=WriteDID_F080
• DcmDspDataReadFnc=ReadDID_F080
[SWS_Dcm_CONSTR_6067] Dependency for DcmDspDataBlockIdRef d DcmD-
spDataBlockIdRef shall be only present if DcmDspDataUsePort is set to
USE_BLOCK_ID. c()

Manager
7.8.2 DID ranges
DID ranges are in general the same as the ’normal’ DID read and write function, except
that the DID is also passed as a parameter. This allows to treat the DID range in a
switch/case in the read or the write function.
The ranges can be applied for reading (ReadDataByIdentifier 0x22) and writing (Write-
DataByIdentifier 0x2E) DIDs.
The ranges can be configured in ECUC_Dcm_00937 : DcmDspDidRange. Each con-
figured range is by default accessible by service 0x22 and 0x2E. In case the range
should be limited to reading or writing, the referenced DcmDspDidInfo container
should be defined accordingly.
It is also possible to define gaps within the range (DcmDspDidRangeHasGaps). By
activating this feature, the Dcm invokes each time a DID is requested within the config-
ured range, the operation IsDidAvailable has to check the current availability. And as
the DIDs of the specified range can have different length, the length of the longest DID
has to be configured (DcmDspDidRangeMaxDataLength) in order to reserve enough
buffer passed to the respective function.
In general, the range functionality can also be used for a single DID if you specifically
want to pass the DID as a parameter. Then lower DID and upper DID should be the
same.
ReadDidRangeDataLength operation allows to request the application to return the
data length of a DID Range.
[SWS_Dcm_CONSTR_6020] Definition of allowed DID access d Any defined range
shall only reference via DcmDspDidRangeInfoRef. The sub-containers DcmDsp-
DidControl and DcmDspDidDefineinDcmDspDidInfo shall not be used] . c()
[SWS_Dcm_CONSTR_6021] DID ranges cannot be mapped on DDDIDs, be-
cause service 0x2C DDDID does not support the range feature. Practi-
cally DcmDspDidRangeIdentifierLowerLimit and DcmDspDidRangeIdenti-
fierUpperLimit should not include DIDs of the range 0xF200 till 0xF3FF. dAny
defined range shall only reference DcmDspDidInfo via DcmDspDidRangeInfoRef,
having set DcmDspDidDynamicallyDefined == False. c()
7.9 Startup behavior

[SWS_Dcm_00334] d Dcm_Init shall initialize all Dcm global variables with the values
of the configuration c()


AUTOSAR SWS DiagnosticCommunicationManager 45-216

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

AUTOSAR SWS DiagnosticCommunicationManager 45-216

Uploaded by

Copyright:

Available Formats

Specification of Diagnostic Communication

7.1 Error Classification

7.1.1 Development Errors

[SWS_Dcm_00040] Development Error Types d The errors and exceptions de-

Table 7.1: Dcm development errors

7.1.2 Runtime Errors

[SWS_Dcm_01416] Runtime Error Types d The errors and exceptions described in

45 of 639 Document ID 18: AUTOSAR_SWS_DiagnosticCommunicationManager

Type of error Related error code Value [hex]

Table 7.2: Dcm Runtime errors

7.1.3 Transient Faults

There are no transient faults.

7.1.4 Production Errors

There are no production errors.

7.1.5 Extended Production Errors

There are no extended production errors.

7.2 General design elements

7.2.1 Submodules within the Dcm module

46 of 639 Document ID 18: AUTOSAR_SWS_DiagnosticCommunicationManager

– Transmits a diagnostic response over a network when triggered by the data

Data Confirmation functionality

Figure 7.1: Possible interaction between the submodules in the DCM

7.2.2 Negative Response Code (NRC)

47 of 639 Document ID 18: AUTOSAR_SWS_DiagnosticCommunicationManager

7.2.3 Non-volatile information

Several features of the Dcm require non-volatile information to be initialized. AUTOSAR

7.2.4.1 Atomic types overview

Figure 7.2: Atomic types overview

48 of 639 Document ID 18: AUTOSAR_SWS_DiagnosticCommunicationManager

7.2.4.2 Data array types overview

Figure 7.3: Data array types overview

7.2.4.3 Data types constraints

[SWS_Dcm_CONSTR_6002] Existence of size parameter d DcmDspDataByte-

49 of 639 Document ID 18: AUTOSAR_SWS_DiagnosticCommunicationManager

[SWS_Dcm_CONSTR_6038] Restrictions on datatype usage d DcmDspDataType

7.3 Diagnostic Session Layer (DSL)

[SWS_Dcm_00030] d All functional areas of the DSL submodule shall be in confor-

50 of 639 Document ID 18: AUTOSAR_SWS_DiagnosticCommunicationManager

7.3.2 Use cases

The DSL submodule provides the following functionalities:

7.3.3 Interaction with other modules

The DSL has the following interaction with other modules:

7.3.4 Functional description

The DSL submodule provides the following functionality:

51 of 639 Document ID 18: AUTOSAR_SWS_DiagnosticCommunicationManager

• Concurrent ”TesterPresent” (”keep alive logic”).

52 of 639 Document ID 18: AUTOSAR_SWS_DiagnosticCommunicationManager

information is provided to Dcm by Dcm_StartOfReception via the MetaData of the

53 of 639 Document ID 18: AUTOSAR_SWS_DiagnosticCommunicationManager

[SWS_Dcm_00789] d In case [SWS_Dcm_00788], the Dcm respond with a NRC 0x21

[SWS_Dcm_00443] d If Dcm_StartOfReception returns BUFREQ_OK, the further

54 of 639 Document ID 18: AUTOSAR_SWS_DiagnosticCommunicationManager

[SWS_Dcm_00996] d When the APIDcm_CopyRxData is invoked with SduLength

[SWS_Dcm_00344] d If Dcm_TpRxIndication is called with parameter Result dif-

7.3.4.3 Concurrent ”TesterPresent” (”keep alive logic”)

55 of 639 Document ID 18: AUTOSAR_SWS_DiagnosticCommunicationManager

[SWS_Dcm_00352] d If the function Dcm_TpTxConfirmation is called, then the Dcm

56 of 639 Document ID 18: AUTOSAR_SWS_DiagnosticCommunicationManager

[SWS_Dcm_00354] d Dcm_TpTxConfirmation shall be callable in interrupt context

57 of 639 Document ID 18: AUTOSAR_SWS_DiagnosticCommunicationManager

[SWS_Dcm_01166] d If the Multiplicity of DcmDslProtocolTx is set to "0" the Dcm

7.3.4.5 Generic Connection Handling

58 of 639 Document ID 18: AUTOSAR_SWS_DiagnosticCommunicationManager